When you start the setup wizard from a browser, Symantec Advanced Threat Protection (ATP) generates a self-signed SSL certificate for ATP Manager. You can use this certificate to encrypt all ATP Manager sessions. For better security, however, Symantec recommends that you install a certificate that is created specifically for your ATP appliance. Make sure a trusted Certificate Authority signs the certificate.
The following procedure describes how to import a trusted Certificate Authority certificate. Each physical appliance or virtual appliance must have its own unique certificate.
Certificates may be CRT or CER format, with DER or PEM encoding. Only certificates with RSA keys are supported. Keys should not be pass phrase protected. They are encrypted within ATP.
Validation is done after the bundle is uploaded. To complete the validation, the following are required:
Self-signed server certificate
Server certificate that root CA signed. Bundle of (server cert + root CA)
Server certificate that an intermediate CA signed - can be multiple intermediate CA. Bundle of (server cert + intermediate CAs + root CA)
To secure access to ATP Manager
Copy the certificate and key to a location that you can browse to from ATP Manager.
In ATP Manager on the Settings > Global page, scroll down to SSL Certificate.
Click Edit Certificate.
Click Browse beside the Certificate field. Navigate to and select your certificate.
Click Browse beside the Unencrypted Private Key field. Navigate to and select your key.
Repeat steps 3 through 6 on each browser that is used to access ATP Manager.