Before you migrate a managed computer to HTTPS, you must ensure that the agent can communicate with Notification Server and site servers using HTTPS. To use HTTPS for communication, the agent must trust Notification Server and the site servers. If necessary, you can add the appropriate root certificate authority (CA) certificates to the Trusted Root Certification Authorities store of the Local Computer account on the managed computer.
You can export the appropriate self-signed certificate from Notification Server. If Notification Server does not use a self-signed certificate, you need to export the root CA for the certificate chain that Notification Server uses.
To roll out the certificate to managed computers, use the Targeted Agent Settings page in Symantec Management Console.
To export a root CA certificate from Notification Server

1. On the Notification Server computer, start Microsoft Management Console.
2. Add the Certificates snap-in for the Computer account > Local Computer, and then navigate to Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
3. Right-click the certificate authority that you want to export:
   - SMP <NS_Name> Agent CA
     This certificate authority issues Agent certificates. Symantec Management Agents use these certificates when they communicate with Notification Server and site servers through an Internet gateway.
     The Internet gateway must have this CA installed to trust the connecting clients.
   - SMP <NS_Name> Server CA
     This certificate authority issues Server certificates. Site servers use these certificates to authenticate themselves.
     When Symantec Management Agents contact the site server, they verify the server certificate.
4. Click All Tasks > Export.
5. In the Certificate Export Wizard, specify the following settings:
   - Select Yes, export the private key.
   - Select Personal Information Exchange - PKCS #12 .PFX, and then click Delete the private key if the export is successful.
     To set up Cloud-enabled Management, you only need to export the public key of the root certificate authority to managed computers. For security reasons, you should never export the private key of a root certificate authority.
   - Specify the certificate password.
   - Specify the path and name of the exported certificate file.
6. Click Finish, and then close the export confirmation pop-up window.
The next step is to redirect the Symantec Management Agent to use HTTPS.
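The export procedure states that only the public key of the root CA should reach managed computers. The following PowerShell check is an added example, not part of the original documentation. It inspects an exported file before rollout and reports whether it is a certificate-only root CA file. The function name Test-RootCaExport and the sample path are hypothetical.

```powershell
# Added example. Test-RootCaExport and the sample path below are hypothetical names.
function Test-RootCaExport {
    param([Parameter(Mandatory)][string]$Path)

    $x509Type = [System.Security.Cryptography.X509Certificates.X509Certificate2]
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Read the container type only; no key material is imported by this call.
    $contentType = $x509Type::GetCertContentType($fullPath)
    if ($contentType -ne 'Cert') {
        # A .pfx/.p12 file reports as Pfx and can carry the CA private key.
        return [pscustomobject]@{
            Path             = $fullPath
            ContentType      = $contentType
            SafeToDistribute = $false
            Reason           = 'Not a certificate-only (.cer) file'
        }
    }

    $cert    = $x509Type::new($fullPath)
    $now     = Get-Date
    $isRoot  = $cert.Subject -eq $cert.Issuer    # a root CA certificate is self-issued
    $isValid = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
    # Is it already in Local Computer > Trusted Root Certification Authorities?
    $trusted = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$($cert.Thumbprint)"

    if ($cert.HasPrivateKey) { $reason = 'Private key is attached' }
    elseif (-not $isRoot)    { $reason = 'Not a self-issued root certificate' }
    elseif (-not $isValid)   { $reason = 'Outside its validity period' }
    else                     { $reason = 'Public root CA certificate only' }

    [pscustomobject]@{
        Path             = $fullPath
        ContentType      = $contentType
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        InLocalRootStore = $trusted
        SafeToDistribute = (-not $cert.HasPrivateKey) -and $isRoot -and $isValid
        Reason           = $reason
    }
}

# Constructed sample path; point it at the file produced by the export wizard.
$sample = 'C:\Temp\ns-root-ca.cer'
if (Test-Path -LiteralPath $sample) { Test-RootCaExport -Path $sample | Format-List }
```

Run on a managed computer after rollout, the InLocalRootStore field shows whether the agent's Local Computer store already trusts the certificate.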