trusted SSL Certificate authenticated communication between SEPM and Client
Created: 07 Mar 2013 | Updated: 21 Mar 2013 | 14 comments
This issue has been solved. See solution.
Hi All,
Good Day..
We are using SEP 12.1 RU1 MP1 on a Windows architecture, and we are operating globally.
We have an MSL with a public IP; clients will report to our existing internal SEPM while they are on the public internet via the public IP (only for policy; definition updates will be taken from the internet). This communication is via port number 80, and our security auditing team has been guided to change this communication to certificate-authenticated communication over port 443.
What could be the best practices and changes required on SEPM and clients to get it done?
We have approx. 3000 clients on roaming.
Best Regards
Ajin
Hello,
Check these Articles:
Configuring SSL between Symantec Endpoint Protection Manager and the clients
http://www.symantec.com/docs/HOWTO55351
Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients
http://www.symantec.com/docs/TECH162326
Enabling SSL Between the Symantec Endpoint Protection Manager and Client
https://www-secure.symantec.com/connect/articles/enabling-ssl-between-symantec-endpoint-protection-manager-and-client
Moreover, in case you are thinking of using the SEPM 12.1 web console over SSL, check this thread:
https://www-secure.symantec.com/connect/forums/how-install-proper-ssl-certificate-sepm-server
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi Mithun ,
Thanks for your inputs.
But unfortunately none of the links says anything about configuring SEPM to use a trusted SSL certificate for communication; if I missed anything, please advise.
Regards
Ajin
In the MSL you need to have the IP address (public) with port 443. Also, you need to have the certificate installed on the machine.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hi Pete,
Thanks for the response.
What about configuring SEPM to use a trusted SSL certificate for communication?
Since we don't have any kind of control from the office while clients are on the public network, how can we achieve this (installing a trusted SSL certificate) in this scenario?
Thanks & Regards
Ajin
For enabling SSL between SEPM and clients have a look here:
Enabling SSL communication between the management server and the client
http://www.symantec.com/docs/HOWTO55350
Hi Sebastian
Thanks for your inputs.
But unfortunately the link doesn't say anything about configuring SEPM to use a trusted SSL certificate for communication; if I missed anything, please advise.
Regards
Ajin
I see, have a look at some similar threads - maybe this will help:
https://www-secure.symantec.com/connect/forums/how...
https://www-secure.symantec.com/connect/forums/con...
Hello,
To enable SSL between the Symantec Endpoint Protection Manager and client
#Include conf/ssl/sslForClients.conf
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
http://www.cstl.com/
Hi,
Thanks for your response
The link is somewhat helpful
Regards
Ajin
FYI, I've done some testing and cobbled together an article for this.
Once it's approved I'll link it in.
http://www.cstl.com/
Below is the KB that I use when updating server certificates.
http://www.symantec.com/docs/HOWTO81061
If I was able to help resolve your issue please mark my post as solution.
Sorry to resurrect this thread, but here's the article I mentioned. Took a while to get it published:
https://www-secure.symantec.com/connect/articles/s...
http://www.cstl.com/
Hi All
Thanks for all your replies.
I got an approximate solution from the KBs below:
http://www.symantec.com/docs/HOWTO81061, http://www.symantec.com/docs/HOWTO81146
Best Regards
Ajin