When you open an incident and release the email using a Flex Response rule you got an error:
FlexResponse Action Failed
[Email Quarantine Connect Approve Action] failed with message: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The same error is showed in DLP Tomcat log.
The error is due to the client certificate used by DLP not being properly configured in Messaging Gateway.
This issue may be resolved by importing the correct certificate into Messaging Gateway via the Control Center Administration > Certificates > Applications page as described in Importing an application certificate and ensuring that DLP trusts the TLS certificate used by the SMG Control Center web application.
Note: you may need to restart Control Center on SMG to apply the changes after importing the Enforce certificate.
https://techdocs.broadcom.com/us/en/symantec-security-software/email-security/messaging-gateway/10-7-3/Administration_-_Settings_10/importing-an-application-certificate-v71088623-d419e1545.html