Thanks John. So I don't need to change the MSL from HTTPS to HTTP (8014) provided I have set it up like below:
Priority-1 SEPM (Self-Signed)
Priority-2 SEPM (Self-Signed)
I don't need to change the MSL from HTTPS to HTTP. I just need to change the certificate first on the priority-2 SEPM. Once it is completed, wait for 2-3 heartbeats.
After that, change the certificate on the Priority-1 SEPM.
Doing the above will ensure that SEP agents will not lose their connectivity with SEPM.
Am I right in this?
------------------------------
Symantec Enthusiast
------------------------------
Original Message:
Sent: 04-21-2021 12:43 PM
From: John Owens
Subject: SEPM Self-Signed Certificate
Correct. If you did not have the failover set up you would follow https://knowledge.broadcom.com/external/article/187099/update-the-server-certificate-on-the-man.html
------------------------------
John Owens
Strategic Support Engineer | Symantec Enterprise Division (SED)
Symantec
United States
Original Message:
Sent: 04-21-2021 12:39 PM
From: sulman mushaq
Subject: SEPM Self-Signed Certificate
Anyone???
------------------------------
Symantec Enthusiast
Original Message:
Sent: 04-21-2021 09:42 AM
From: sulman mushaq
Subject: SEPM Self-Signed Certificate
Hi Everyone. Currently we have 2 SEPMs with a SQL database running off-box with version 14 MP1. Both SEPMs are using self-signed certificates and the MSL is configured in the load balancing fashion with the same priority. The MSL is using HTTPS with port 443.
Now we have a requirement to update the self-signed certificate with a CA-signed certificate on both SEPMs one-by-one.
Since we are going to change the certificate first on one SEPM, it should not affect SEP agents' communication, as they should start communicating with the second SEPM server since it is there with the same priority.
After the certificate is updated on the first SEPM, we can then update it on the second SEPM.
Is this the right approach and process?
------------------------------
Symantec Enthusiast
------------------------------