Symantec Management Center comes with an untrusted certificate out of the box, which may not meet security standards for production environments.

In this tutorial, we'll walk through the process of configuring SSL certificates for Symantec Management Center web GUI, replacing the initial untrusted certificate with one signed by your internal Certificate Authority (CA).

Necessary prerrequisites:

  • Server certificate (key and certificate) signed by your internal CA in base64 format
  • Root certificate (CA certificate) of your internal CA in base64 format

Configuration steps

Enter SSL configuration mode

To begin, we'll connect to the Management VA via SSH, enter the configuration mode and ssh mode:

localhost> en
localhost# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
localhost(config)# ssl

Import the server certificate (key and certificate)

Run this command...

localhost(config-ssl)# inline keyring default showable yes

and paste both the key and the server certificate signed by the internal CA in base 64 format:

This command replaces the 'default' certificate that is used by the web GUI

Import CA root certificate

Add the root certificate of your internal CA as an inline CA certificate, run this command... (choose the name you want instead of "myCA-root")

localhost(config-ssl)# inline ca-certificate myCA-root

... and paste the root certificate in base 64 format.

Edit the browser-trusted CA

Finally, to edit the browser-trusted CA list to include this certificate

localhost(config-ssl)# edit ccl browser-trusted
localhost(config-ccl-browser-trusted)# add myCA-root

By following these steps, you've successfully configured SSL for your Management Center web GUI with certificate signed by your internal CA.