Configuring Symantec Mobile Management to require SSL

Article:TECH201102  |  Created: 2012-12-21  |  Updated: 2013-09-09  |  Article URL http://www.symantec.com/docs/TECH201102
Article Type
Technical Solution

Product(s)

Issue



You want to use SSL to secure communication in your network. To do so, you must configure Symantec Mobile Management to require SSL for network communication.


Environment



Symantec Mobile Management 7.2


Solution



Before you begin, make sure IIS SSL certificates and associated bindings have been created:

  • All Mobile Management Site-servers and Notification Servers have trusted SSL certificates installed and enabled in their IIS bindings. Note: Do not require SSL at this point. See http://symantec.com/docs/HOWTO53002 for the SSL and bindings set up steps.
  • For each server, the subject of each certificate matches the fully-qualified domain name (FQDN) that is used to communicate with that server.
  • All devices can communicate and trust the IIS SSL certificate that is installed on the Mobile Management Site-server(s).

The Symantec Management Platform and Agents must be configured to communicate using SSL:

Configure SSL for targeted Symantec Management Agents

  1. In the Mobile Management console, go to Settings > Agents/Plug-ins > Symantec Management Agent.
  2. Expand Settings.
  3. Select Symantec Management Agent Settings – Targeted.
  4. Select All Site Servers.
  5. Click the Advanced tab and change the URL of the Notification Server to https.
     

Configure SSL for deployed Symantec Management Agents, change the registry key on each Mobile Management Site-server and the Notification server

  1. Go to REGEDIT > REGIDIT > hkey local machine > software > altiris > altiris agent > servers.
  2. Click server FQDN, then change the registry key Web value to enable https.
  3. Restart the Symantec Management Agent service.

The Mobile Management Site-Server must be configured to communicate using SSL:

  •  All communication between Notification Servers and Mobile Management Site-server(s) are set to use HTTPS. If necessary, force server communications to use HTTPS. See http://symantec.com/docs/TECH201766
  • All device-to-Mobile Management Site-server(s) communication is set to use HTTPS. The use of HTTPS between mobile devices and the Mobile Management Site-server is typically required. See http://symantec.com/docs/TECH201766

 Apply Require SSL IIS setting

Note: See http://symantec.com/docs/HOWTO53002 for more information about this procedure.

  1. Open IIS, select the Sites folder and right-click Default Web Site.
  2. In the dialog, click SSL Settings and select Require SSL.
  3. Click Apply in the action panel.
  4. Open a Command Prompt window and run iisreset to restart the IIS service.
     

Restart services

When finished configuring SSL, restart the Symantec Mobile Management Service Agent, Symantec iOS Command Service, Symantec APNS Service, and Symantec Android Command Service on the Mobile Management Site-server.
 


Supplemental Materials

SourceETrack
Value2995895, 3036893


Article URL http://www.symantec.com/docs/TECH201102


Terms of use for this information are found in Legal Notices