In case, you want to use a public certificate on your Symantec Endpoint Detection and Response (EDR) Appliance (also known as ATP), you need to create a certificate file that includes all certificates from intermediate and the root certification authorities (CAs).
In our case, the certificate itself looks as follows:
When you click in the last tab of the window, you can see the so-called certificate chain. This is the description, which CA provided the certificate and which root CA is responsible for the certificate of the issuing CA:
So, in order to use this wildcard certificate with our appliance, we have to create a certificate file that contains three certificates:
- The certificate issued for our device (in this case a wildcard certificate).
- The certificate issued for the intermediate CA.
- The certificate issued for the root CA.
In order to do so, you should follow the following steps:
- Copy all certificates to a temporary folder.
- Create a new textfile.
- Open the device certificate (the one issued to your machine, or the wildcard certificate) with a text editor (i.e. Notepad ++).
- Copy the text between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” (including these two lines!) to the newly created text file.
- Open the certificate for the intermediate CA with a text editor.
- Copy the text between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” (including these two lines!) and paste is below the existing text into the newly created text file.
- Open the certificate for the root CA with a text editor.
- Copy the text between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” (including these two lines!) and paste is below the existing text into the newly created text file.
The resulting file should look like this:
- Save the file as “chain.crt”.
- Log on to your EDR (ATP) appliance with administrative permissions and navigate to “Settings” – “Global” – “SSL Certificate”.
- Click on “Edit Certificate”.
- Select the certificate you just created and the private key for the device certificate.
- Click on “Upload”.
- Wait for the appliance to restart the web server and publish the information to the SEP Manager.