Advanced Threat Protection Insight lookups fail over HTTPS when using a chained certificate

book

Article ID: 169951

calendar_today

Updated On:

Products

Endpoint Protection Advanced Threat Protection Platform

Issue/Introduction

When attempting to use a chained certificate with one or more intermediate certificates, Advanced Threat Protection (ATP) only utilizes the server certificate.  This results in web browsers not trusting the ATP website or Endpoint Protection (SEP) clients failing to trust ATP for Insight lookups.  

Cause

ATP 2.0 does not have the ability to import certificate chains.  ATP 2.0 will only utilize the server certificate.

Resolution

This issue is resolved with ATP 3.0.

For ATP 2.0, if you need to use a certificate with one or more intermediate certficates, you will need to add the intermediate certificate(s) manually to all of the clients or deploy them via Group Policy (GPO).  See the following Microsoft technet article for deploying certificates via GPO.  

Deploy Certificates by Using Group Policy