Endpoint Protection Manager unable to connect to SQL server after SSL certificate update
Article ID: 172384
After renewing the server certificate on your SQL server the Symantec Endpoint Protection Manager (SEPM) is no longer able to connect. This behavior may not start until the SQL server has been rebooted.
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints".
SQL server using SSL
SEPM 14.0.x and 14.2.x
The Signature Algorithm of the SSL certificate used by the SQL server is not recognized by Java. In particular, RSASSA-PSS is not supported in Java 8.x.
Request that the certificate be regenerated with a supported Signature Algorithm such as SHA512withRSA. RSASSA-PSS may not be used for any certificate in the chain.
A list of supported Signature Algorithms may be found here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Signature