search cancel

ATP 3.x or EDR 4.x show a Health Status of Warning or Error for the Secure Endpoint Communication certificate

book

Article ID: 172871

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

Advanced Threat Protection versions 3.0 and higher and Endpoint Detection 4.0 and higher may show a Health Status regarding the Secure Endpoint Communication certificate expiring or is expired.

Cause

The certificate that is expiring is the cert that ATP 2.3 and earlier used for securing the SEP Insight queries on port 8443. Since ATP version 3.0 and later, the ATP secures the Endpoint communication on port 443 with the same certificate as the web interface.

Resolution

The alert is only cosmetic, the certificate referenced in the message is not used in ATP versions 3.0 and later.

As this issue only impacts EDR appliances that were originally installed as Advanced Threat protection 2.x, Broadcom Engineering has no plan to address this issue in future releases. For further relief, please do one of the following:

  • Use as is, ignoring the cosmetic error
  • Contact support for manual recovery assistance -OR-
  • Reinstall with the latest EDR build


To reinstall with the latest EDR build
1. If EDR is installed into VMWare as a Virtual Edition, check system requirements for EDR version 4.3 Virtual Edition, here:
   - SYMANTEC EDR 4.3 HELP: System requirements for the virtual appliance
     http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-3/INSTALL_AND_SET_UP_2/system-requirements-for-the-virtual-appliance-v96381064-d38e7045.html#v96381064

2. If you meet system requirements to install the latest build, prepare to re-image with the steps here:
   - Preparation checklist for re-installing ATP 3.x
     https://knowledge.broadcom.com/external/article?legacyId=TECH250717

3. If EDR is installed on Dell legacy hardware, osrestore using an ISO
   - Title: Re-image ATP8880 by inserting an osrestore DVD-ROM
     https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/11000/DOC11183/en_US/satp_administration_guide_3.2.pdf?__gda__=1539352820_e6707dd9b6220cbaa6cb701af9140e72#v109793675

   - Title: Re-image ATP8880 remotely by mapping an iso as a network drive via iDRAC
     https://knowledge.broadcom.com/external/article?legacyId=HOWTO111549

4. If EDR is installed as a virtual edition, re-deploy using an OVA:
   - Title: Reinstalling SEDR VE
     URL: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/11000/DOC11183/en_US/satp_administration_guide_3.2.pdf?__gda__=1539371113_bfb59306905e7616e78d2e5e249cdab7#v109793680

Attachments