Content is blocked in the Symantec Endpoint Protection Manager Web console

book

Article ID: 155863

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Part of all of the Symantec Endpoint Protection Manager (SEPM) Web console is missing when viewed in a Web browser. You may see an error message or warning relating to certificates.

You may see one of the following warnings:

Browser Warning Message
Internet Explorer There is a problem with this website’s security certificate.
Google Chrome Your connection is not private
Mozilla Firefox

This Connection is Untrusted

 

Cause

This happens when the certificate used to secure the connection to the Symantec Endpoint Protection Manager (SEPM) is not trusted by the Web browser. If the certificate is considered invalid, the browser will warn the user, or block access to the site depending on individual browser configurations.

The default certificate used by the manager is not trusted. It is self-signed against the manager's Fully Qualified Domain Name (FQDN). The NETBIOS name, and the IP addresses assigned to each Network Interface Card (NIC) on the computer are included as Subject Alternative Name (SAN) entries on the certificate as well. The certificate does not include SAN entries for localhost, or 127.0.0.1.

Resolution

Prevent these warnings using the following steps:

  1. Update the default self-signed certificate used by your manager to a trusted Certificate Authority (CA) signed certificate using Best practices for updating server certificates and maintaining the client-server connection.
  2. Access the SEPM Web console using the one of the addresses in the CN or SAN fields of the certificate.

If you can't obtain a trusted CA-signed certificate, work around the problem by using the following steps:

  1. Install the manager's self-signed certificate to your local browser using How to install the certificate for Symantec Endpoint Protection Manager or Protection Center for web console access.
  2. Access the SEPM Web console using the one of the addresses in the CN or SAN fields of the certificate.