You want to request your own certificates from a third-party certificate vendor instead of using the self-signed ones that are created during the initial installation of the Symantec Management Platform (SMP).
What does Altiris require of CA certificates?
ITMS 8.x
The following information can be found in our online documentation:
Requirements and Usage of Third-party Commercial Certificates
Requirements for third-party certificates

| Requirement | Description |
|---|---|
| Digital signature | The certificate has a valid digital signature. |
| Trust | The certificate is issued by a Certificate Authority that is trusted by the Notification Server computer. Note that for the site server, the Certificate Authority must also be trusted by the client computers. |
| Validity | The certificate is valid at least for 30 days from the import date. |
| Enhanced Key Usage | The Enhanced Key Usage value of the certificate is Server Authentication OID (1.3.6.1.5.5.7.3.1). |
| Subject name or subject alternate name | The requirements for subject name or subject alternate name are as follows:<br>- Subject or subject alternate name matches the Notification Server computer Fully Qualified Domain Name.<br>- Subject or subject alternate name matches the Notification Server computer domain name. For example, if Notification Server's FQDN is ns.example.com, the certificate subject or alternate subject should contain *.example.com<br>- Subject or subject alternate name matches the site server computer Fully Qualified Domain Name. For Cloud-enabled Management (CEM), the certificate has to be issued for an FQDN that can be resolved internally and by the Internet gateway. Third-party vendors require that the top-level domain name in the FQDN is a public domain. |
| Hashing algorithm | The certificate uses one of the following hashing algorithms: |
| Asymmetric algorithm | The certificate uses the RSA asymmetric algorithm. |
| File format | .pfx |
NOTE: While not specifically mentioned above, 2048 bit certificates are sufficient.
Before you use a third-party commercial SSL certificate within the Symantec Management Platform infrastructure, make sure that the certificate fulfills the technical requirements. Each type of third-party commercial certificate has to comply with the general requirements for SSL certificates and with its specific requirements, such as the import procedure.
For a detailed description and the import procedure for a given certificate, see the following:
NOTE: A wildcard SSL certificate does not provide additional functionality for the Symantec Management Platform. It is used to provide an HTTPS connection to a number of subdomains. Because of this, its requirements and import procedure are different.
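
The requirements in the table above can be checked on a .pfx file before it is imported. The PowerShell function below is an added example, not part of the Symantec documentation: the name `Test-SmpCertificate`, its parameters and the sample path are hypothetical. It assumes an English-language Windows host and that it is run on the Notification Server, so the trust check uses that computer's certificate stores.

```powershell
using namespace System.Security.Cryptography.X509Certificates

function Test-SmpCertificate {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string] $Fqdn   # FQDN of the Notification Server or site server
    )
    # File format: loading throws here if the file is not a readable .pfx.
    $cert = [X509Certificate2]::new((Resolve-Path $PfxPath).Path, $Password)

    # Digital signature and trust: build the chain against this computer's stores.
    # Revocation is not checked, so the result does not depend on network access.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    # Enhanced Key Usage extension (OID 2.5.29.37) and the usages it lists.
    $eku = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }).EnhancedKeyUsages.Value

    # Subject CN plus SAN DNS entries (OID 2.5.29.17). 'DNS Name=' is the label
    # English Windows prints; other locales format the extension differently.
    $names = @($cert.GetNameInfo([X509NameType]::SimpleName, $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
    $wildcard = '*.' + ($Fqdn -split '\.', 2)[1]                # ns.example.com -> *.example.com
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($cert)   # $null when the key is not RSA

    [pscustomobject]@{
        SignatureAndTrust = $trusted
        ValidFor30Days    = ($cert.NotBefore -le (Get-Date)) -and ($cert.NotAfter -ge (Get-Date).AddDays(30))
        ServerAuthEku     = $eku -contains '1.3.6.1.5.5.7.3.1'
        NameMatches       = ($names -contains $Fqdn) -or ($names -contains $wildcard)
        IsRsa             = $null -ne $rsa
        RsaKeyBits        = $(if ($rsa) { $rsa.KeySize })
        SignatureHash     = $cert.SignatureAlgorithm.FriendlyName  # reported only; compare with the documented list
    }
}

# Example call (path and host name are placeholders):
# Test-SmpCertificate -PfxPath .\ns.pfx -Password (Read-Host -AsSecureString) -Fqdn ns.example.com
```

For a site server certificate, run the same check on a client computer as well, because the issuing Certificate Authority must also be trusted there.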