Follow

How To: Bulk Export/Import Certificates from Symantec

 

APPLIES TO: All Versions

SUMMARY:

This article covers the steps required to bulk export certificates from Symantec, followed by the instructions necessary to import those certificates into the Venafi Trust Protection Platform database. This will leverage the Venafi Server Agent’s ability to discover and upload certificates into the TPP database.

NOTE: For the purposes of the instructions in this article, it is assumed that you have the necessary credentials to access Symantec’s Managed PKI for SSL Control Center.

OVERVIEW

The bulk import process follows these high-level steps. Details for each step are documented below.

  1. Export certificates from the Symantec Managed PKI for SSL Control Center
  2. Parse LDIF export file
  3. Import certificates into Venafi Trust Protection Platform using Venafi Server Agent

EXPORT CERTIFICATES FROM THE SYMANTEC MANAGED PKI FOR SSL CONTROL CENTER

From a browser, access the Symantec PKI for SSL Control Center using the following URL:

https://enterprise-ssl-admin.websecurity.symantec.com/cgi-bin/getorder.exe

From the Symantec Control Center Home screen, select Certificate Management at the top of the page.

Screen_Shot_2018-04-23_at_3.39.12_PM.png

From the Certificate Management screen, click Update LDAP Directory located on the left of the page.

Screen_Shot_2018-04-23_at_3.39.42_PM.png

From the Update Directory screen, for the Type of LDIF option select the All Valid radio button. You will then enter the certificate date range for all certificates that you would like to export. Once this information has been provided, enter the Email Address of where you would like this file sent and click Submit.

Screen_Shot_2018-04-23_at_3.46.24_PM.png

After a few moments, you will receive an email from Symantec Support providing a link to download the requested LDIF file. Save this file to the system which will be scanned using the Venafi Server Agent.

Screen_Shot_2018-04-24_at_4.41.27_PM.png

PARSE THE LDIF EXPORT FILE

To parse the LDIF file, you will need to either contact Customer Support, or make a request through your Professional Services consultant. Venafi has proprietary tools which are able to parse the LDIF file and output the certificates as individual .crt files. This way, they can be easily imported using the Agent Bulk Import process described in the next section.https://support.venafi.com/hc/en-us/articles/115007237667-How-to-Export-Symantec-Certificates-1-56-

 

IMPORT CERTIFICATES INTO VENAFI TRUST PROTECTION PLATFORM USING VENAFI SERVER AGENT

This process leverages the Venafi Server Agent’s ability to discover and upload certificates into the TPP database.  This process also properly prevents any attempt to import ‘duplicate’ certificates into the database. For instructions on performing a bulk import into TPP, please use the following link:

https://support.venafi.com/hc/en-us/articles/224586287-Bulk-Import-Certificates-to-TPP

For instructions on how to import bulk certificates on versions prior to 17.2, use the link below:

https://support.venafi.com/hc/en-us/articles/115000676312-Bulk-Import-Certificates-to-TPP-Prior-to-17-2-

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments