Updating or restoring a server certificate

The server certificate encrypts and decrypts files between the server and the client. The client connects to the server with an encryption key, downloads a file, and then decrypts the key to verify its authenticity. If you change the certificate on the server without manually updating the client, the encrypted connection between the server and the client breaks.
You must update the server certificate in the following situations:
  • You reinstall
    Symantec Endpoint Protection Manager
    without using the recovery file. You update the certificate to restore a previous certificate that clients already use.
  • You replace one management server with another management server and use the same IP and server name.
  • You apply the wrong server certificate (.JKS) after disaster recovery.
  • You purchased a different certificate and want to use that certificate instead of the default .JKS certificate.
  1. To update or restore a server certificate
  2. In the console, click
    Admin
    , and then click
    Servers
    .
  3. Under
    Servers
    , under
    Local Site
    , click the management server for which you want to update the server certificate.
  4. Under
    Tasks
    , click
    Manage Server Certificate
    , and then click
    Next
    .
  5. In the
    Manage Server Certificate
    panel, click
    Update the server certificate
    , click
    Next
    , and then click
    Yes
    .
    To maintain the server-client connection, disable secure connections.
  6. In the
    Update Server Certificate
    panel, choose the certificate you want to update to, and then click
    Next
    .
  7. For each certificate type, following the instructions on the panels, and click
    Finish
    .
    Backup server certificates are in
    SEPM_Install
    \Server Private Key Backup\recovery_
    timestamp
    .zip
    . You can locate the password for the keystore file in the
    settings.properties
    file within the same
    .zip
    file. The password appears in the
    keystore.password=
    line.
    SEPM_Install
    by default is C:\Program Files\Symantec\
    Symantec Endpoint Protection Manager
    .
    For the 32-bit systems that run 12.1.x, it is C:\Program Files (x86)\Symantec\
    Symantec Endpoint Protection Manager
    .
  8. You must restart the following services to use the new certificate:
    • The
      Symantec Endpoint Protection Manager
      service
    • The
      Symantec Endpoint Protection Manager
      Webserver service
    • The
      Symantec Endpoint Protection Manager
      API service (As of 14)