Symantec Management Center comes with an untrusted certificate out of the box, which may not meet security standards for production environments.
In this tutorial, we'll walk through the process of configuring SSL certificates for Symantec Management Center web GUI, replacing the initial untrusted certificate with one signed by your internal Certificate Authority (CA).
- Server certificate (key and certificate) signed by your internal CA in base64 format
- Root certificate (CA certificate) of your internal CA in base64 format
Enter SSL configuration mode
To begin, we'll connect to the Management VA via SSH, enter the configuration mode and ssh mode:
localhost# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Import the server certificate (key and certificate)
Run this command...
localhost(config-ssl)# inline keyring default showable yes
and paste both the key and the server certificate signed by the internal CA in base 64 format:
This command replaces the 'default' certificate that is used by the web GUI
Import CA root certificate
Add the root certificate of your internal CA as an inline CA certificate, run this command... (choose the name you want instead of "myCA-root")
localhost(config-ssl)# inline ca-certificate myCA-root
... and paste the root certificate in base 64 format.
Edit the browser-trusted CA
Finally, to edit the browser-trusted CA list to include this certificate
localhost(config-ssl)# edit ccl browser-trusted
localhost(config-ccl-browser-trusted)# add myCA-root
By following these steps, you've successfully configured SSL for your Management Center web GUI with certificate signed by your internal CA.