Generating a new server certificate
You generate a new server certificate for
Symantec Endpoint Protection Managerif the IP address or host name of the server changes, or if your private key was compromised.
By default, client-server communication depends on verifying the server certificate. If you generate a new server certificate, this verification fails and communication is interrupted. Follow the best practices for updating the certificate before you begin this procedure.
- To generate a new server certificate
- In the console, clickAdmin, and then clickServers.
- UnderServers, click the management server.
- UnderTasks, clickManage Server Certificate, and then clickNext.
- In theManage Server Certificatepanel, clickGenerate new server certificate. Make sure thatGenerate new Keysis checked, and then clickNext.Generate new Keysgenerates a new certificate with a new key pair (public and private keys). If you uncheck this option, the new certificate uses the same key pair as before, which lowers theSymantec Endpoint Protection Managerserver security profile in the case of a compromised key pair.
- ClickYes, and then clickNext.
- You must restart the following services to use the new certificate:
- TheSymantec Endpoint Protection Managerservice
- TheSymantec Endpoint Protection ManagerWebserver service
- TheSymantec Endpoint Protection ManagerAPI service(As of 14)
The next time you log on to
Symantec Endpoint Protection Manager, you are asked to trust the new certificate.