Endpoint Protection

 View Only

  • 1.  Upgrade Endpoint Protection 1024 bit certificates

    Posted Sep 30, 2014 05:57 AM

    Hello,

    my vulnscanner detected some high severity findings due to the certificate length on ports 8444, 8445, 8446.

    My question is, these are the certificates between Server - Client communication right?

    This article here: http://www.symantec.com/business/support/index?page=content&id=HOWTO81146 is the correct way to update the certificates to 2048 bits or I should look for something else?

    Thanks in advance for the help.

     



  • 2.  RE: Upgrade Endpoint Protection 1024 bit certificates

    Posted Sep 30, 2014 06:06 AM

    You need to enable SSL certificate

    Enabling SSL communications between a Symantec Endpoint Protection Manager and its clients

    Article:TECH162326 | Created: 2011-06-14 | Updated: 2013-11-12 | Article URL http://www.symantec.com/docs/TECH162326

    How Symantec Endpoint Protection uses encryption and certificates

    Article:TECH210852 | Created: 2013-09-24 | Updated: 2013-10-18 | Article URL http://www.symantec.com/docs/TECH210852


  • 3.  RE: Upgrade Endpoint Protection 1024 bit certificates

    Broadcom Employee
    Posted Sep 30, 2014 07:35 AM

    Hi,

    My question is, these are the certificates between Server - Client communication right?

    --> In this KB you get more details about port info: http://www.symantec.com/docs/TECH163787

     

    8444 TCP Symantec Protection Center (SPC) 2.x SemSvc.exe This is the Symantec Endpoint Protection Manager web services port. SPC 2.x makes Data Feed and Workflow requests to Symantec Endpoint Protection Manager over this port.
    8445 TCP Reporting Console httpd.exe (Apache) Added in 12.1.x. HTTPS reporting console.

     This article http://www.symantec.com/docs/HOWTO81146 is the most latest article & applicable for SEP 12.1 RU5.

     

     



  • 4.  RE: Upgrade Endpoint Protection 1024 bit certificates

    Posted Sep 30, 2014 09:59 AM

    I see. So from my understanding these ports / services are relying on the certificate that is generated following this article -> http://www.symantec.com/docs/HOWTO81146 correct?



  • 5.  RE: Upgrade Endpoint Protection 1024 bit certificates

    Broadcom Employee
    Posted Sep 30, 2014 10:03 AM

    I think answer is 'Yes'.



  • 6.  RE: Upgrade Endpoint Protection 1024 bit certificates

    Posted Oct 01, 2014 11:48 AM

    So, the update procedure didn't work. I mean a new certificate was generated, but it is still 1024 bits...

    Can anyone provide me with more info about how I can generate 2048 bit certificates for the manager?

    Thanks.



  • 7.  RE: Upgrade Endpoint Protection 1024 bit certificates
    Best Answer

    Posted Oct 02, 2014 01:28 AM

    see this articles

    Responding to Symantec Endpoint Protection Manager certificate compromises

    Article:TECH216584  | Created: 2014-04-10  | Updated: 2014-04-18  | Article URL http://www.symantec.com/docs/TECH216584


  • 8.  RE: Upgrade Endpoint Protection 1024 bit certificates

    Posted Oct 02, 2014 08:49 AM

    Exactly what I needed. Thanks James007.