How to import a Signed Certificate to Symantec Security Information Manager (SSIM)

book

Article ID: 177678

calendar_today

Updated On:

Products

Security Information Manager

Issue/Introduction

How to import a Signed Certificate to Symantec Security Information Manager (SSIM).

Resolution

This article gives instructions on how to import a Signed Certificate into SSIM. For instructions on how to request, issue certificates, please read documentation provided by the Vendor of the certificate server you use.

Note: The Certificate that is Issued from the Certificate Authority must be setup for both Server and Client authentication.

First, import the CA Root certificate

    1. Login to the SSIM Web Configuration page.
    2. In the left pain, click Certificate Management.
    3. In the right pain, click Add CA Root.
    4. For Key File, click Browse.
    5. Navigate to the certificate file and click Open.
    6. In the Key Label text box, type the correct Label.
    7. Click Add.


Second, create the Certificate Signing Request (CSR)

    1. In the SSIM Web Configuration page, in Certificate Management, click Create CSR.
    2. Enter the Organization, Country Code (two charaters), and Label (must be different from CA Root Label) information.
    3. Click Submit.
    4. Save the CSR file.


The CSR must be received by the Certificate Authority and a Signed Certificate is Issued. The signed certificate has the same filename as the CA Root certificate by default. It is best if you save it in a different but easy to find location.

Import the Signed Certificate

    1. In the SSIM Web Configuration page, in Certificate Management, click Receive Signed.
    2. For Certificate File, click Browse.
    3. Navigate to the certificate file and click Open.
    4. From the Key Label drop-down, select the Label the CSR was generated with.
    5. Leave the username as cn=root.
    6. In the Password text box, type the cn=root password.
    7. Click Receive.


You must add the Signed Certificate information to both SSIM Clients and Event Agents that must communicate with the SSIM appliance(s) as well.

For information on how to add a Signed Certificate to the SSIM Client, read the article: How to add a Signed Certificate to the SSIM Client
For information on how to add a Signed Certificate to the Event Agent, read the article: How to add a Signed Certificate to the Symantec Event Agent


Applies To

Important Information Regarding Security Information Manager versions and what encryption bit level is supported.

  • For SSIM servers running SSIM 4.7 MP2 and earlier, 1024bit is the maximum bit size for certificates.
  • For SSIM servers running SSIM 4.7 MP3 and later, 2048bit is the maximum bit size for certificates.
  • NOTE: 4096bit certificates are currently NOT supported on any version of SSIM.  While importing a 4096bit CA root certificate will appear to have succeeded in the WebGUI, doing so may cause the SIM environment to break communication between the appliances and local services.