Endpoint Protection Manager unable to connect to SQL server after SSL certificate update

Article ID: 172384

Updated On:

Products

Endpoint Protection

Issue/Introduction

After renewing the server certificate on your SQL server, the Symantec Endpoint Protection Manager (SEPM) is no longer able to connect. This behavior may not start until the SQL server has been rebooted. The following error appears in stdout-0.log:

Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints".

Cause

The Signature Algorithm of the SSL certificate used by the SQL server is not recognized by Java. In particular, RSASSA-PSS is not supported in Java 8.x.
https://bugs.java.com/view_bug.do?bug_id=8146293

Environment

SQL server using SSL
SEPM 14.0.x and 14.2.x

Resolution

Request that the certificate be regenerated with a supported Signature Algorithm such as SHA512withRSA. RSASSA-PSS may not be used for any certificate in the chain.

A list of supported Signature Algorithms may be found here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Signature
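
To find which certificate in the chain carries an RSASSA-PSS signature before requesting a reissue, the added example below (not Symantec or Broadcom code) reads the signatureAlgorithm OID of every certificate in a PEM bundle using only the Python standard library. The function names are illustrative, and `SAMPLE_CHAIN` is a constructed skeleton holding only the outer certificate layout, not a real certificate; pass your exported chain to `check_chain` instead.

```python
import base64
import re

# Signature-algorithm OIDs from PKCS #1 (RFC 8017), shown with Java's standard names.
SIG_OIDS = {
    "1.2.840.113549.1.1.10": "RSASSA-PSS",
    "1.2.840.113549.1.1.13": "SHA512withRSA",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:  # base-128 digits; the high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Name (or dotted OID if unknown) of Certificate.signatureAlgorithm."""
    _, cert_start, _ = read_tlv(der, 0)            # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, cert_start)      # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)       # AlgorithmIdentifier SEQUENCE
    _, oid_start, oid_end = read_tlv(der, alg_start)
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_OIDS.get(oid, oid)

def check_chain(pem_text):
    """Return (index, algorithm, acceptable) for each certificate in a PEM bundle."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    algs = [signature_algorithm(base64.b64decode(b)) for b in blocks]
    return [(i, alg, alg != "RSASSA-PSS") for i, alg in enumerate(algs)]

def _skeleton(oid_der):
    # Constructed sample: outer Certificate layout only, not a real certificate.
    alg = bytes([0x30, len(oid_der) + 2, 0x06, len(oid_der)]) + oid_der
    body = b"\x30\x00" + alg + b"\x03\x01\x00"
    der = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN CERTIFICATE-----\n{der}\n-----END CERTIFICATE-----\n"

# Constructed two-entry chain: first signed with RSASSA-PSS, second with SHA512withRSA.
SAMPLE_CHAIN = "".join(_skeleton(bytes.fromhex("2a864886f70d0101" + last)) for last in ("0a", "0d"))
```

Any entry returned with `acceptable` set to `False` is a certificate that has to be regenerated, including intermediates and the root.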