Unencrypted connection to Endpoint Protection Manager database on console

Article ID: 172457

Products

Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

The connection status of the Symantec Endpoint Protection Manager (SEPM) database shows as unencrypted on the Advanced Threat Protection (ATP)/Symantec Endpoint Detection and Response (SEDR) console:

Healthy [unencrypted connection]

Environment

This SEP DB status occurs after installing a self-signed or local CA-signed certificate on your Microsoft SQL Server to encrypt communication with ATP 3.x or SEDR 4.x.

Cause

The self-signed or local CA-signed certificate for the SEPM DB needs to be added to the ATP/SEDR keystore.

Resolution

If your security policy does not require connections to SEPM DB to be encrypted, no action is needed. The connection to the database is Healthy.

If your security policy requires connections to SEPM DB to be encrypted, upload the .crt file by following the steps below.

To upload the .crt file to EDR 4.5 or later

  1. On the EDR console, go to Settings > Global, then scroll down to the File Transfer section.
  2. Click Upload.
  3. Navigate to the .crt file.
  4. Click the .crt file, then click Open.
  5. Click Upload.

Then contact Broadcom Technical Support for assistance inserting the self-signed or local CA-signed certificate into the ATP/SEDR keystore.

Additional Information

Note: The upload steps also work to upload a .pem file to SEDR 4.4.