How to add a Signed Certificate to the SSIM Client

book

Article ID: 177679

calendar_today

Updated On:

Products

Security Information Manager

Issue/Introduction

How to add a Signed Certificate to the SSIM Client.

Resolution

When a Signed Certificate is imported to the Symantec Security Information Manager (SSIM), it requires the SSIM Client to have the same certificate information.

Note: Before you can successfully connect with the SSIM Client using the Signed Certificate, the SSIM must have been restarted after the Signed Certificate was received.

To apply the same Signed Certificate information from the SSIM to the SSIM client

    1. Connect to the SSIM with an SCP client (i.e. WinSCP).
    2. Navigate on the SSIM to /opt/jdk/jre/lib/security
    3. Copy the cacerts file off the SSIM either to a temporary location.
    4. Move the cacerts file to the SSIM Clients security directory.
      By default this is C:\Program Files\Symantec\Security Information Manager\jre\vm\lib\security
    5. If the SSIM Client is currently open, you must close and open the console for it to use the new certificate information.



Applies To

 Important Information Regarding Security Information Manager versions and what encryption bit level is supported.

 
  • For SSIM servers running SSIM 4.7 MP2 and earlier, 1024bit is the maximum bit size for certificates.
  • For SSIM servers running SSIM 4.7 MP3 and later, 2048bit is the maximum bit size for certificates.
  • NOTE: 4096bit certificates are currently NOT supported on any version of SSIM.