Generating a new server certificate

You generate a new server certificate for Symantec Endpoint Protection Manager if the IP address or host name of the server changes, or if your private key was compromised.
By default, client-server communication depends on verifying the server certificate. If you generate a new server certificate, this verification fails and communication is interrupted. Follow the best practices for updating the certificate before you begin this procedure.
To generate a new server certificate
  1. In the console, click Admin, and then click Servers.
  2. Under Servers, click the management server.
  3. Under Tasks, click Manage Server Certificate, and then click Next.
  4. In the Manage Server Certificate panel, click Generate new server certificate. Make sure that Generate new Keys is checked, and then click Next.
    Generate new Keys generates a new certificate with a new key pair (public and private keys). If you uncheck this option, the new certificate uses the same key pair as before, which lowers the Symantec Endpoint Protection Manager server security profile in the case of a compromised key pair.
  5. Click Yes, and then click Next.
  6. You must restart the following services to use the new certificate:
    • The Symantec Endpoint Protection Manager service
    • The Symantec Endpoint Protection Manager Webserver service
    • The Symantec Endpoint Protection Manager API service (As of 14)
The next time you log on to Symantec Endpoint Protection Manager, you are asked to trust the new certificate.
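
One way to confirm that the Generate new Keys option described above actually produced a new key pair, as an added example that is not part of the original documentation: compare the public-key fingerprints of the previous and the new certificate. It assumes openssl is available and that both certificates are available as PEM files; the file names and the host name sepm.example.test are constructed.

```shell
#!/bin/sh
# Added example: check whether a reissued certificate carries a new key pair.
# Assumes openssl is installed and both certificates are PEM files.

# Print the SHA-256 of the certificate's public key (DER-encoded SPKI).
spki_fingerprint() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pub" ] || return 2
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0: key pair changed. Exit 1: same key pair reused. Exit 2: unreadable input.
key_rotated() {
    old_fp=$(spki_fingerprint "$1") || return 2
    new_fp=$(spki_fingerprint "$2") || return 2
    [ "$old_fp" != "$new_fp" ]
}

# Constructed sample input: one original certificate, one reissued with the
# same private key, and one reissued with a freshly generated key.
make_samples() {
    d=$1; subj="/CN=sepm.example.test"   # constructed host name
    openssl req -x509 -newkey rsa:2048 -nodes -subj "$subj" -days 1 \
        -keyout "$d/old.key" -out "$d/old.pem" 2>/dev/null &&
    openssl req -x509 -new -key "$d/old.key" -subj "$subj" -days 1 \
        -out "$d/reused.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -subj "$subj" -days 1 \
        -keyout "$d/new.key" -out "$d/rotated.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for cert in reused rotated; do
    rc=0
    key_rotated "$demo_dir/old.pem" "$demo_dir/$cert.pem" || rc=$?
    case $rc in
        0) echo "$cert.pem: new key pair" ;;
        1) echo "$cert.pem: SAME key pair as old.pem" ;;
        *) echo "$cert.pem: could not read certificate" ;;
    esac
done
rm -rf "$demo_dir"
```

A result of 1 after regenerating the certificate because of a suspected key compromise means the compromised private key is still in use.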