Endpoint Protection Manager unable to connect to SQL server after SSL certificate update
book
Article ID: 172384
calendar_today
Updated On:
Products
Endpoint Protection
Issue/Introduction
After renewing the server certificate on your SQL server the Symantec Endpoint Protection Manager (SEPM) is no longer able to connect. This behavior may not start until the SQL server has been rebooted.
stdout-0.log:
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints".
Environment
SQL server using SSL
SEPM 14.0.x and 14.2.x
Cause
The Signature Algorithm of the SSL certificate used by the SQL server is not recognized by Java. In particular, RSASSA-PSS is not supported in Java 8.x.
https://bugs.java.com/view_bug.do?bug_id=8146293
Resolution
Request that the certificate be regenerated with a supported Signature Algorithm such as SHA512withRSA. RSASSA-PSS may not be used for any certificate in the chain.
A list of supported Signature Algorithms may be found here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Signature