Can I import an SSL certificate into ATP to analyse SSL traffic to/from ATP to Symantec's public content servers?

Article ID: 164619

Products

Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

Can I import an SSL certificate into Advanced Threat Protection (ATP) Platform to permit a proxy to analyse the SSL traffic from ATP to/from Symantec's public content servers?

Cause

ATP checks for a specific certificate from Symantec's public content servers and telemetry servers. ATP will disconnect from any TCP connection where it receives the wrong certificate.

Resolution

Instead of importing an SSL certificate into ATP Platform to decrypt conversations between ATP and Symantec content servers, Symantec supports permitting ATP appliances to connect to Symantec's public content servers.

To permit ATP appliances to connect to Symantec's public content servers and telemetry servers, do one of the following:

  • Whitelist the management interface of each ATP appliance within any inline device that decrypts SSL or TLS traffic.
  • Route traffic from the management interface of each ATP appliance so that it bypasses the inline device that decrypts SSL traffic.