ATP 3.x or EDR 4.x show a Health Status of Warning or Error for the Secure Endpoint Communication certificate
search cancel

ATP 3.x or EDR 4.x show a Health Status of Warning or Error for the Secure Endpoint Communication certificate

book

Article ID: 172871

calendar_today

Updated On: 04-09-2025

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

Advanced Threat Protection versions 3.0 and higher and Endpoint Detection 4.0 and higher may show a Health Status regarding the Secure Endpoint Communication certificate expiring or is expired.

Cause

The certificate that is expiring is the cert that ATP 2.3 and earlier used for securing the SEP Insight queries on port 8443. Since ATP version 3.0 and later, the ATP secures the Endpoint communication on port 443 with the same certificate as the web interface.

Resolution

The alert is only cosmetic, the certificate referenced in the message is not used in ATP versions 3.0 and later.

As this issue only impacts EDR appliances that were originally installed as Advanced Threat protection 2.x, Broadcom Engineering has no plan to address this issue in future releases. For further relief, please do one of the following:

  • Use as is, ignoring the cosmetic error
  • Contact support for manual recovery assistance -OR-
  • Reinstall with the latest EDR build



To reinstall with the latest EDR build

  1. If EDR is installed into VMWare as a Virtual Edition, check system requirements for EDR version 4.10 Virtual Edition, here:
    System requirements for the virtual appliance
    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-10/about-v96380626-d38e6/system-requirements-for-the-virtual-appliance-v96381064-d38e7045.html
  2. If you meet system requirements to install the latest build, prepare to re-image with the steps here:
    Pre-installation checklists for virtual appliances
    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-10/about-v96380626-d38e6/pre-installation-checklists-for-virtual-appliances-v133523886-d38e3453.html
  3. Re-image using the OVA:
    Reinstalling a virtual appliance
    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-10/about-v96380626-d38e6/reinstalling-a-virtual-appliance-v109793680-d38e12385.html
  4. If the EDR is installed on the S550 hardware:
    Re-installing Symantec EDR onto the S550 appliance from a USB stick
    https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-10/about-v96380626-d38e6/re-installing-onto-the-550-appliance-from-a-usb-st-v133220428-d38e9067.html