You edit the httpd.conf file to enable secure communication between the Symantec Endpoint Protection Manager server and the clients using the HTTPS protocol.
If you need to use an alternate port for secure communication, you must change the port assignment in Symantec Endpoint Protection Manager first.
For new installations of Symantec Endpoint Protection 14, HTTPS client-server communication is enabled by default. If you upgrade to version 14 from version 12.1, the settings for client-server communication carry over. HTTPS client-server communication is not enabled by default for version 12.1.
To enable HTTPS for the Apache web server
In a text editor, open the following file:
SEPM_Install by default is C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
For the 32-bit systems that run 12.1.x, it is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager.
Find the following text string and remove the hash mark (#):
Save and then close the file.
Restart the Symantec Endpoint Protection Manager Webserver service.
Stopping and restarting the Symantec Endpoint Protection Manager Webserver service also stops and restarts the Symantec Endpoint Protection Manager service.
To verify HTTPS works correctly
Enter the following URL in a web browser:
Where SEPMServer is the server host name for Symantec Endpoint Protection Manager and port is the HTTPS port number. By default, HTTPS traffic uses port 443.
If the browser displays the word OK, the HTTPS connection is successful.
If a page error displays, repeat the previous steps and check that you formatted all strings correctly. Also check that you entered the URL correctly.
If you did not update the management server with a certificate authority-signed certificate and private key pair, the web browser displays a warning that the certificate is not trusted. The same warning appears, as expected, when you access the website from a URL that differs from the subject name on the management server certificate.
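Added example, not part of the Symantec procedure: before you enable the Verify certificate when using HTTPS protocol option, a PowerShell check like the following reports, for each management server list entry (host name and IP address), whether the certificate the server presents is accepted by the local Windows trust store for that name. The function name and the sample entries are constructed placeholders, and the check assumes the machine it runs on trusts the same certificate authorities as the clients.

```powershell
# Added diagnostic, not Symantec code. Pass your own management server list
# entries; port 443 is the default HTTPS port named on this page.
function Test-SepmServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string[]]$ServerEntry,
        [int]$Port = 443
    )
    foreach ($entry in $ServerEntry) {
        $script:sepmTlsErrors = $null
        $tcp = New-Object System.Net.Sockets.TcpClient
        $ssl = $null
        try {
            $tcp.Connect($entry, $Port)
            # Record the platform's verdict, but let the handshake finish so the
            # certificate can be inspected. Diagnostic use only.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
                param($source, $certificate, $chain, $policyErrors)
                $script:sepmTlsErrors = $policyErrors
                $true
            }
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
            $ssl.AuthenticateAsClient($entry)   # validates against the entry as typed
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            [pscustomobject]@{
                Entry            = $entry
                Port             = $Port
                Subject          = $cert.Subject
                Issuer           = $cert.Issuer
                NotAfter         = $cert.NotAfter
                PolicyErrors     = $script:sepmTlsErrors
                PassesValidation = ($script:sepmTlsErrors -eq [System.Net.Security.SslPolicyErrors]::None)
            }
        }
        catch {
            # Port closed, name not resolvable, or handshake failure.
            [pscustomobject]@{
                Entry = $entry; Port = $Port; Subject = $null; Issuer = $null; NotAfter = $null
                PolicyErrors = "Connection failed: $($_.Exception.Message)"; PassesValidation = $false
            }
        }
        finally {
            if ($ssl) { $ssl.Dispose() }
            $tcp.Close()
        }
    }
}

# Constructed placeholder entries: replace with one host name and one IP address from your list.
Test-SepmServerCertificate -ServerEntry 'sepm01.example.test', '192.0.2.10' -Port 443 | Format-List
```

A RemoteCertificateNameMismatch result for an entry corresponds to the subject-name warning described above, and RemoteCertificateChainErrors corresponds to the untrusted-certificate warning.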
To switch the clients to use HTTPS for communication with Symantec Endpoint Protection Manager
In the Symantec Endpoint Protection Manager console, on the Policies tab, click Policy Components > Management Server Lists.
Double-click the management server list that your client groups and locations use. If you only have the default management server list, duplicate it, and then double-click the new list to edit it.
You can also click Add a Management Server List, under Tasks. Add the server information under Management Servers, Add > New Server. You can add one New Server entry for the server IP address and one for the server name.
Click Use HTTPS protocol.
Click Verify certificate when using HTTPS protocol only if you have previously updated the management server with a Certificate Authority-signed certificate and a private key pair.
If you used a custom HTTPS port number in the sslForClients.conf file, edit the server from the list of management servers. Click Customize HTTPS port, and then edit the port to match the number you previously used.
Click OK to save the custom port.
Click OK to save your management server list.
If you edited a copy of the default management server list, right-click it, click Assign, and then assign it to every group and location.
As the clients receive the updated management server list, the clients switch to HTTPS for communication with Symantec Endpoint Protection Manager. The change on the client side can take up to three heartbeat intervals to complete.
Confirm client communication to the management server
On the Symantec Endpoint Protection client, click Help > Troubleshooting > Server Connection Status.
Under Last Attempted Connection and Last Successful Connection, confirm the display of both the server address and the port number for HTTPS communications.
Click Connect Now to force an immediate connection, if desired.