ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Endpoint Protection Manager unable to connect to SQL server after SSL certificate update
Article ID: 172384
After renewing the server certificate on your SQL server the Symantec Endpoint Protection Manager (SEPM) is no longer able to connect. This behavior may not start until the SQL server has been rebooted.
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Certificates does not conform to algorithm constraints".
The Signature Algorithm of the SSL certificate used by the SQL server is not recognized by Java. In particular, RSASSA-PSS is not supported in Java 8.x.
SQL server using SSL
SEPM 14.0.x and 14.2.x
Request that the certificate be regenerated with a supported Signature Algorithm such as SHA512withRSA. RSASSA-PSS may not be used for any certificate in the chain.
A list of supported Signature Algorithms may be found here: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Signature