Searching...
Filters
SmallMediumLarge
Home Print Show Topic URL Previous Next
IT Management Suite
Client Management Suite
Server Management Suite
Deployment Solution
Asset Management Suite
ServiceDesk

Exporting a root CA certificate from Notification Server

ITMS Installation and Upgrade

Before you perform this step, ensure that you have configured Notification Server to use HTTPS mode of communication.

See Configuring Notification Server to use HTTPS

Before you migrate a managed computer to HTTPS, you must ensure that the agent can communicate with Notification Server and site servers using HTTPS. To use HTTPS for communication, the agent must trust Notification Server and the site servers. If necessary, you can add the appropriate root certificate authority (CA) certificates to the Trusted Root Certificate Authorities store of the Local Computer account on the managed computer.

You can export the appropriate self-signed certificate from Notification Server. If Notification Server does not use a self-signed certificate, you need to export the root CA for the certificate chain that Notification Server uses.

To roll out the certificate to managed computers, use the Targeted Agent Settings page in Symantec Management Console.

To export a root CA certificate from Notification Server

  1. On the Notification Server computer, start Microsoft Management Console.

  2. Add the Certificates snap-in for the Computer account > Local Computer, and then navigate to Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.

  3. Right-click the certificate authority that you want to export:

    SMP <NS_Name> Agent CA

    This certificate authority issues Agent certificates. Symantec Management Agents use these certificates when they communicate with Notification Server and site servers through an Internet gateway.

    The Internet gateway must have this CA installed to trust the connecting clients.

    SMP <NS_Name> Server CA

    This certificate authority issues Server certificates. Site servers use these certificates to authenticate themselves.

    When Symantec Management Agents contact the site server, they verify the server certificate.

  4. Click All Tasks > Export.

  5. In the Certificate Export Wizard, specify the following settings:

    • Select Yes, export the private key.

    • Select Personal Information Exchange - PKCS #12 .PFX, and then click Delete the private key if the export is successful.

      Warning: To set up Cloud-enabled Management, it is only required to export public key of the root certificate authority to managed computers. For security reasons, you should never export the private key of a root certificate authority.
    • Specify the certificate password.

    • Specify the path and name of the exported certificate file.

  6. Click Finish, and then close the export confirmation pop-up window.

The next step is to redirect the Symantec Management Agent to use HTTPS.

See Redirecting the Symantec Management Agent to use HTTPS

For a detailed end-to-end process on setting up HTTPS communication in your ITMS environment, See Configuring Notification Server to use HTTPS after ITMS installation is completed

For more information about setting up HTTPS communication in your ITMS environment, see the How to run ITMS on HTTPS feature card.