APPLIES TO: All Versions
SUMMARY:
This article covers the steps required to bulk export certificates from Symantec, followed by the instructions necessary to import those certificates into the Venafi Trust Protection Platform database. This will leverage the Venafi Server Agent’s ability to discover and upload certificates into the TPP database.
NOTE: For the purposes of the instructions in this article, it is assumed that you have the necessary credentials to access Symantec’s Managed PKI for SSL Control Center.
OVERVIEW
The bulk import process follows these high-level steps. Details for each step are documented below.
- Export certificates from the Symantec Managed PKI for SSL Control Center
- Parse LDIF export file
- Import certificates into Venafi Trust Protection Platform
EXPORT CERTIFICATES FROM THE SYMANTEC MANAGED PKI FOR SSL CONTROL CENTER
From a browser, access the Symantec PKI for SSL Control Center using the following URL:
https://enterprise-ssl-admin.websecurity.symantec.com/cgi-bin/getorder.exe
From the Symantec Control Center Home screen, select Certificate Management at the top of the page.
From the Certificate Management screen, click Update LDAP Directory located on the left of the page.
From the Update Directory screen, for the Type of LDIF option select the All Valid radio button. You will then enter the certificate date range for all certificates that you would like to export. Once this information has been provided, enter the Email Address of where you would like this file sent and click Submit.
After a few moments, you will receive an email from Symantec Support providing a link to download the requested LDIF file. Save this file to the system which will be scanned using the Venafi Server Agent.
PARSE THE LDIF EXPORT FILE
To parse the LDIF file, you will need to either contact Customer Support, or make a request through your Professional Services consultant. Venafi has proprietary tools which are able to parse the LDIF file and output the certificates as individual .crt/.cer files.
IMPORT CERTIFICATES INTO VENAFI TRUST PROTECTION PLATFORM
With the feature release of the Adaptable CA driver in version 19.1, the Trust Protection Platform is able to integrate with a multitude of Certificate Authorities and perform various functions utilizing API/SDK endpoints and custom PowerShell scripts. For instructions on importing certificates to TPP, please use the following link:
https://support.venafi.com/hc/en-us/articles/360029921031-Importing-Certificates-from-Symantec-MPKI
In versions 18.4 and earlier, this process leverages the Venafi Server Agent’s ability to discover and upload certificates into the TPP database. This process also properly prevents any attempt to import ‘duplicate’ certificates into the database. For instructions on performing a bulk import into TPP, please use the following link:
https://support.venafi.com/hc/en-us/articles/224586287-Bulk-Import-Certificates-to-TPP
For instructions on how to import bulk certificates on versions prior to 17.2, use the link below:
Comments