
trusted SSL Certificate authenticated communication between SEPM and Client

Created: 07 Mar 2013 • Updated: 21 Mar 2013 | 14 comments
This issue has been solved. See solution.

Hi All,

Good Day..

We are using SEP 12.1 RU1 MP1 on a Windows architecture, and we are operating globally.

We have a MSL with a public IP; clients will report to our existing internal SEPM while they are on the public internet via the public IP (only for policy; definition updates will be taken from the internet). This communication is via port number 80, and our security auditing team has been guided to change this communication to certificate-authenticated over port 443.

What could be the best practices and changes required on SEPM and clients to get it done?

We have approx 3000 clients on roaming.

Best Regards

Ajin


Mithun Sanghavi's picture

Hello,

Check these Articles:

Configuring SSL between Symantec Endpoint Protection Manager and the clients

http://www.symantec.com/docs/HOWTO55351

Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

http://www.symantec.com/docs/TECH162326

Enabling SSL Between the Symantec Endpoint Protection Manager and Client

https://www-secure.symantec.com/connect/articles/enabling-ssl-between-symantec-endpoint-protection-manager-and-client

Moreover, in case you are thinking of using the SEPM 12.1 web console over SSL, check this thread:

https://www-secure.symantec.com/connect/forums/how-install-proper-ssl-certificate-sepm-server

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AjinBabu's picture

Hi Mithun ,

Thanks for your inputs.

But unfortunately none of the links says anything about configuring SEPM to use a trusted SSL certificate for communication; if I missed anything please advise.

Regards

Ajin

pete_4u2002's picture

In the MSL you need to have the IP address (public) with the port 443. Also you need to have the certificate installed on the machine.

AjinBabu's picture

Hi Pete,

Thanks for the response.

What about configuring SEPM to use a trusted SSL certificate for communication?

Since we don't have any kind of control from the office while clients are on a public network, how can we achieve this (installing a trusted SSL certificate) in this scenario?

Thanks & Regards

Ajin

SebastianZ's picture

For enabling SSL between SEPM and clients have a look here:

Enabling SSL communication between the management server and the client

http://www.symantec.com/docs/HOWTO55350

AjinBabu's picture

Hi Sebastian

Thanks for your inputs.

But unfortunately the link doesn't say anything about configuring SEPM to use a trusted SSL certificate for communication; if I missed anything please advise.

Regards

Ajin

Mithun Sanghavi's picture

Hello,

 

To enable SSL between the Symantec Endpoint Protection Manager and client

  1. Use a text editor to open the file \Program Files\Symantec\Symantec Endpoint Protection Manager\apache\conf\ssl\httpd.conf.
  2. Find the following entry:
     #Include conf/ssl/sslForClients.conf
  3. Remove the hash mark (#) from the text string, and then save the file.
  4. Restart Symantec Endpoint Protection Manager.

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
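
Steps 1 to 3 of the procedure above as a repeatable, backed-up edit (an added example, not Symantec's or the poster's code). The default path assumes SEPM is installed under %ProgramFiles%; pass -ConfPath if it lives elsewhere.

```powershell
# Added example: uncomments the sslForClients include in SEPM's Apache config.
# Assumption: install root is %ProgramFiles%; override with -ConfPath.
param(
    [string]$ConfPath = (Join-Path $env:ProgramFiles 'Symantec\Symantec Endpoint Protection Manager\apache\conf\ssl\httpd.conf')
)

$ErrorActionPreference = 'Stop'
$directive = 'Include conf/ssl/sslForClients.conf'

if (-not (Test-Path -LiteralPath $ConfPath)) {
    throw "httpd.conf not found at $ConfPath"
}

$lines = @(Get-Content -LiteralPath $ConfPath)

# Match the directive with or without a leading '#', tolerating whitespace.
$pattern = '^\s*(#\s*)?' + [regex]::Escape($directive) + '\s*$'
$hits = @($lines | Where-Object { $_ -match $pattern })

if ($hits.Count -eq 0) {
    throw "Directive '$directive' not found; file left untouched."
}
if (-not ($hits | Where-Object { $_ -match '^\s*#' })) {
    Write-Output 'Already enabled; no change made.'
    return
}

# Keep a timestamped copy so the edit can be rolled back.
$backup = "$ConfPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $ConfPath -Destination $backup

# Rewrite only the matching line(s); every other line is passed through as-is.
$updated = $lines | ForEach-Object {
    if ($_ -match $pattern) { $directive } else { $_ }
}

# Assumption: the file is plain ASCII. ASCII output avoids a BOM, which Apache rejects.
Set-Content -LiteralPath $ConfPath -Value $updated -Encoding ASCII

Write-Output "Enabled '$directive' (backup: $backup)."
Write-Output 'Restart Symantec Endpoint Protection Manager to apply (step 4).'
```

This only turns on the SSL include for client communication; it does not replace the self-signed certificate with a trusted one, which is the part the thread goes on to discuss.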

SMLatCST's picture

 

I've never been able to find an actual article on replacing the self-signed SSL used for client communications with a trusted one signed by a third party.
 
The closest I've found is to combine the steps from the below sources:
 
https://www-secure.symantec.com/connect/forums/installing-third-party-certificate-sepm-121
http://www.openssl.org/docs/HOWTO/

SMLatCST's picture

FYI, I've done some testing and cobbled together an article for this.

Once it's approved I'll link it in.

Cameron_W's picture

Below is the KB that I use when updating server certificates.

http://www.symantec.com/docs/HOWTO81061

If I was able to help resolve your issue please mark my post as solution.

SMLatCST's picture

Sorry to resurrect this thread, but here's the article I mentioned.  Took a while to get it published:

https://www-secure.symantec.com/connect/articles/s...