Request or Renew a Symantec VIP certificate for Enterprise Gateway or ADFS using VIP Manager
book
Article ID: 164522
calendar_today
Updated On:
Products
VIP Service
Issue/Introduction
An expired or revoked VIP certificate could result in abrupt VIP authentication failures. Certificate expiry notifications are sent to the TECHNICAL contact listed on the VIP Manager account (Click here to update contact information). Visual warnings are also displayed in VIP Manager in the Notifications window:
Symantec recommends using a Distribution List email address in the technical contact information to allow delivery of VIP certificate expiration notifications to multiple people.
(note: Active VIP certificates aren't automatically revoked or expired if a VIP account service-end date lapses as long as the account is renewed within 30 days of expiration.)
VIP certificates provide proof of identity between your Symantec VIP Service account and VIP application (Enterprise Gateway, third-party integration, or custom applications). Certificates management is performed from your VIP Manager account by an administrator with certificate permissions.
Generating and downloading a VIP Certificate:
Log into the VIP Manager portal, select Account, then click Manage VIP Certificates in the Links pane on the right-side of the page.
On the Manage VIP Certificates page, click Request a Certificate.
Read the instructions on the Certificate Instructions page, and click Continue.
Type a logical name for the certificate in the Certificate Name field. Symantec suggests using a naming format that identifies where the certificate is used. (e.g., EGW98_10.10.1.1)
Read the text in the Important Service Requirements area, then click Submit Request.
Select the PKCS#12 file format unless your application requires PEM format. Set a secure certificate password to download.
Click Download Certificate and save the VIP certificate to a secure location.
Installing the new VIP certificate on the VIP Enterprise Gateway:
Download the VIP certificate in the .p12 format from VIP Manager and save the VIP Enterprise Gateway server.
Log in to the VIP Enterprise Gateway console.
Click the Settings tab from the top navigation bar.
Select VIP Certificate from the list of links in the left column.
Click Add VIP Certificate.
Select the certificate and certificate password.
Give the certificate an alias. This is simply a way to identify the certificate.
Click Submit.
The VIP certificate is now imported and appears in the list of installed VIP certificates. Locate the new certificate in the list and click Use this Key from the Action column to activate the new certificate.
Click the Home tab from the top navigation bar and restart any services in a pending restart state.
Installing the new VIP certificate on an AD FS server with VIP MFA integration:
Download the VIP certificate in the .p12 format from VIP Manager and save it to the folder where the AD FS module is installed (typically \Program Files\Symantec\ADFS\).
Launch the VIP AD FS integration Settings module with administrative privilege (typically \Program Files\Symantec\ADFS\adfs_config.exe)
In the VIP Certificate field, browse to the \Program Files\Symantec\ADFS\ folder, then select the VIP certificate.
Click Test Settings.
Enter a valid VIP user name and security code that exactly matches a user name and VIP credential in your VIP Manager.
If a success message is seen, click OK.
Restart the AD FS service.
Repeat these steps on each AD FS server in the farm where the VIP integration is in use.