Symantec Endpoint Protection (SEP) clients are configured to download definitions from a LiveUpdate Administrator (LUA) 2.x Distribution Center (DC) which has been configured to use HTTPS with a self-signed SSL certificate.
The Log.Lue file from the SEP client contains the following lines:
* Failed to connect to HTTPS server * Error statement: >> Server certificate does not chain to a valid trusted root in certificate store. * Error code 0x00000008, File: minitri.flg Server selection failed for server HTTPS://<address of distribution point>/ on port 443. * Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue. * Server Selection Failed. * Error downloading files. Error Code: 0x8D04802A
Internet security settings in the environment prohibit the trust of self-signed SSL certificates.
One solution known to resolve the issue is to manually import the self-signed SSL certificate into the certificate store of the impacted clients. Information on how to do this is covered in the following Microsoft Article:
Another solution would be to use an SSL certificate signed by a Certificate Authority (CA), rather than a self-signed certificate.
LUA Distribution Point (using HTTP) running on IIS, configured with a self-signed SSL certificate.