This article explains how to create a Certificate Signing Request (CSR) for an SSL certificate and then import the certificate to Symantec Encryption Management Server.
Services such as clustering and web messenger use the SSL protocol and require a server-side SSL/TLS certificate, which includes the host name for the IP address of the server on which the service is running. To issue a certificate, the Certificate Authority needs information found in a certificate request. The steps below illustrate how to create the CSR and import the signed Certificate to the network interface for Encryption Management Server.
Before you import the server certificate, you must ensure that Encryption Management Server trusts the certificates in the server certificate's issuing chain. Every signed certificate has an issuing chain of certificates. Generally, the Certificate Authority will send you these certificates or direct you to a web site from where you can download them. There is always a root certificate in the signing chain and at least one intermediate certificate. To ensure that Encryption Management server trusts them please do the following: