After upgrading a Symantec Embedded Security: Critical System Protection manager from 1.0.1 to 6.5 or 7.0, fresh installed 6.5 or 7.0 agents will not register.

The same can also work in reverse, where the Manager is fresh installed 6.5 or 7.0, but the agents were upgraded from 1.0.1 or earlier.

The cipher types for the certificates changed from SECSP 1.0.1 to 6.5, from JKS to PKCS12.

When the manager is upgraded from 1.0.1 to 6.5 or newer, the cipher versions do not change.
However, when a fresh install of the manager is done, the cipher is installed directly as PKCS12.

Also, when agents are upgraded from 1.0.1 to 6.5 or newer, the cipher versions also do not change.

Perform a full reinstall the manager and database without upgrading. The cipher will then be at PKCS12.

New certs can be generated and imported into the agents to allow for communication.