Symantec ATP Software Update Capabilities for versions prior to 3.2.

book

Article ID: 198276

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

The server certificates for the software update servers used by Symantec Advanced Threat Protection platform will be renewed on May 1, 2020. Following the server certificate change, ATP 3.1 and earlier will not be able to perform software updates from the swupdate.brightmail.com servers.

Cause

The new server certificates are signed with a certificate authority which is not trusted by ATP 3.1 and earlier.

Legacy versions of the ATP do not have access to the Certificate Authority certificates (i.e. "Digicert" CA) that are being used to sign the certificates that are being deployed on the migrated servers. This will result in connection failures when the ATP attempts to establish sessions with the Broadcom servers.

Environment

ATP 3.1 and earlier

Resolution

After the certificate change there is no resolution for ATP versions 3.1 or earlier. Customers attempting to update following the server certificate change will need to do a clean OVA Deployment or OSRestore to a supported SEDR release.

Due to schema changes, there is no supported mechanism by which a database backup of 3.0.5 or earlier can be imported into an SEDR 4.x installation.

Additional Information

ERROR aztec_registration - NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)

Curl Error Message: Peer's Certificate issuer is not recognized.
Software update status not available.