Replace or update the default Self-Signed or 3rd (Third) Party Certificate used by the LiveUpdate Administrator (LUA) server for HTTPS communications.
LiveUpdate Administrator
The LUA Tomcat server uses a Java keystore (JKS) to securely house its public and private key pair. This file is password protected with a proprietary password. You must create a new JKS file, and generate or obtain a new certificate to replace the LUA certificate. LUA supports both self-signed certificates and Certificate Authority (CA) signed certificates.
Obtain a new certificate
Most large organizations have specific Public Key Infrastructure (PKI) requirements. Work with the PKI experts in your organization to determine what type of certificate you require: a self-signed certificate, an internal CA-signed certificate, or a public CA-signed certificate. Generate or obtain a new certificate based on your organizational requirements. If you have no organizational PKI requirements, you can use the Java keytool program to generate a new self-signed certificate, or leave the default self-signed certificate in place.
Note: CA-signed certificate is required for content distribution over HTTPS port via LUA, applicable for the Windows SEP endpoints.
Generate a new JKS
note: For more information on the Java keytool, see Oracle's public documentation here: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
Import the new certificate
Replace server-cert.ssl
Encrypt the keystore password
"C:\Program Files (x86)\Symantec\LiveUpdate Administrator\jre\bin\java.exe" -cp ssl-lua.jar;commons-codec-1.10.jar;"C:\Program Files (x86)\Symantec\LiveUpdate Administrator\tomcat\lib\tomcat-util.jar" com.symantec.lua.SSLPasswordDecrypt <JKS Password>
Update catalina.properties
Note: Customization of the LUA's default certificate is unsupported by Symantec support.