Updating or restoring a server certificate
The server certificate encrypts and decrypts files between the server and the client. The client connects to the server with an encryption key, downloads a file, and then decrypts the key to verify its authenticity. If you change the certificate on the server without manually updating the client, the encrypted connection between the server and the client breaks.
You must update the server certificate in the following situations:
- You reinstallSymantec Endpoint Protection Managerwithout using the recovery file. You update the certificate to restore a previous certificate that clients already use.
- You replace one management server with another management server and use the same IP and server name.
- You apply the wrong server certificate (.JKS) after disaster recovery.
- You purchased a different certificate and want to use that certificate instead of the default .JKS certificate.
- To update or restore a server certificate
- In the console, clickAdmin, and then clickServers.
- UnderServers, underLocal Site, click the management server for which you want to update the server certificate.
- UnderTasks, clickManage Server Certificate, and then clickNext.
- In theManage Server Certificatepanel, clickUpdate the server certificate, clickNext, and then clickYes.To maintain the server-client connection, disable secure connections.
- In theUpdate Server Certificatepanel, choose the certificate you want to update to, and then clickNext.
- For each certificate type, following the instructions on the panels, and clickFinish.Backup server certificates are in. You can locate the password for the keystore file in theSEPM_Install\Server Private Key Backup\recovery_timestamp.zipsettings.propertiesfile within the same.zipfile. The password appears in thekeystore.password=line.SEPM_Installby default is C:\Program Files\Symantec\Symantec Endpoint Protection Manager.For the 32-bit systems that run 12.1.x, it is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager.
- You must restart the following services to use the new certificate:
- TheSymantec Endpoint Protection Managerservice
- TheSymantec Endpoint Protection ManagerWebserver service
- TheSymantec Endpoint Protection ManagerAPI service (As of 14)