ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Configuring the Symantec Management Platform to use HTTPS (SSL) instead of HTTP.

book

Article ID: 237409

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

The customer wants to configure his Symantec Management Platform to use SSL (HTTPS) instead of the default HTTP protocol. 

Environment

ITMS 8.5, 8.6

Resolution

The main reference for this article can be found in our online documentation:

Configuring Notification Server to use HTTPS after ITMS installation is completed

The following article is provided as a visual reference of those settings/pages where you need to make the proper changes.

Most customers already have some of the HTTPS/SSL/Port 443 setup in place when it was initially installed. It is likely a few changes will need to be made to use port 443. The SMP Server is automatically configured to use HTTPS during the installation of the IT Management Suite, when you select the "Require HTTPS to access the Management Platform" on the Notification Server Configuration page, in Symantec Installation Manager.

You most likely have a certificate available. We create a self-signed certificate when you install the SMP Server, at least if you started with version 8.0 and later.

SIM should tell you if you already have some of what is needed in place:

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=rRju9Pv1Aay6IlCzpuoRqA==

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=CTNW31XHl2YZmtpImkxxAw==

When SSL was selected during initial installation:

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=toOBzcNjc7sj1EvcbSI11w==

When SSL was not selected during initial installation:

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=kdARGa0XAeh7vCNmt0jDpw==

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=I2glzH7xUAHqh4KWmHVxLQ==

 

 

The process of setting up HTTPS communication in your ITMS environment involves the following steps:



Note
Before you start, make sure you have a valid certificate that you can use: one that you have created for your environment or the default one (self-signed) that was created during the initial SMP installation. Most likely IIS already has one assigned to the Port 443 binding:



Viewing an SSL certificate

Table: Process of setting up HTTPS communication in your ITMS environment.


Step

Action

Description

Step 1

Configure your Notification Server and Symantec Management Agents to use HTTPS.

After the ITMS solutions installation is completed, a Notification Server communication profile is used to perform the following:

 

  • Configure your Notification Server for HTTPS access.

    The default SSL port is 443. The port 80 and HTTP access must be disabled.

  • Configure your Symantec Management Agents to use HTTPS for communicating with the Notification Server.



Step 2

Configure your  Targeted Agent Settings to use HTTPS.

Step 3

Configure the Symantec Management Console to use HTTPS only.

To configure the Symantec Management Console so that it is available to HTTPS only, enable the IIS SSL setting Require SSL.

Step 4

Configure a package server to publish HTTPS package codebases.

You can configure HTTPS on your package servers by using the Package Service Settings page. This page specifies the global package service settings that are applied to all package servers that serve your Symantec Management Platform.

If you had "Publish HTTP codebase" and you don't have HTTP codebases anymore, you can uncheck the option under the Package Service Settings page, Then go to Control Panel>Scheduled Tasks and run the NS.Package Refresh schedule (by default it runs every day at 3:30am). By running this schedule, the SWD codebases and snapshot URLs should be updated.

Step 5

Configure site servers to use HTTPS.

 

 

Check that you have "Configure HTTPS binding" under the "Global Site Server Settings" page.

.

As well, check that the Site Server Communication Profile is set to HTTPS.

 

(Only required for setting up Cloud-enabled Management)

To serve CEM agents, site servers have to be configured to use HTTPS. This process is automated by Cloud-enabled Management Site Server Settings policy. When a new site server is assigned to an Internet site, an SSL certificate is distributed and HTTPS binding is created on the 4726 (changeable) port. By default, the Global Site Server Settings policy or Custom Certificate rollout settings do not affect the functionality of site servers that already use HTTPS. For example, if you assign a site server with an existing HTTPS binding to an Internet site, the binding is not overwritten

Configure sites and site servers to serve Cloud-enabled agents.

(Only required for setting up Cloud-enabled Management)

The Cloud-enabled agents that are behind the Internet gateway use Internet sites for determining site services. In the Symantec Management Console, you must add your site servers to a predefined Default Internet Site or other Internet sites that you want to use. You must also assign the Cloud-enabled computers to the sites that are based on resource targets. This manual assignment ensures that each computer remains a member of the appropriate site regardless of where it is physically located.

Step 6

Configure Agent Install to use HTTPS.

Step 7

Configure SIM to use HTTPS.

 

 

 

Note: Other areas to review for configuring your environment as HTTPS are:

  1. If you need to have Persistent Connection enabled. Enabling Persistent Connection in your Environment
  2. If you are using Deployment Solution, make sure you have HTTPS communication Profile selected under SMP Console>Settings>Deplouyment>Manage Preboot configurations.

    Or that the "Deployment Pre-Boot Environment" Targeted Agent Setting has it selected.

 

Additional Information

204413 "Configuring the Symantec Management Platform to use HTTP instead of SSL"

210187 "How to setup Software Portal to use HTTPS"

Attachments