The server certificates for the software update servers used by Symantec Advanced Threat Protection platform will be renewed on May 1, 2020. Following the server certificate change, ATP 3.1 and earlier will not be able to perform software updates from the swupdate.brightmail.com servers.
The new server certificates are signed with a certificate authority which is not trusted by ATP 3.1 and earlier.
Legacy versions of the ATP do not have access to the Certificate Authority certificates (i.e. "Digicert" CA) that are being used to sign the certificates that are being deployed on the migrated servers. This will result in connection failures when the ATP attempts to establish sessions with the Broadcom servers.
ATP 3.1 and earlier
After the certificate change there is no resolution for ATP versions 3.1 or earlier. Customers attempting to update following the server certificate change will need to do a clean OVA Deployment or OSRestore to a supported SEDR release.
Due to schema changes, there is no supported mechanism by which a database backup of 3.0.5 or earlier can be imported into an SEDR 4.x installation.
ERROR aztec_registration - NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
Curl Error Message: Peer's Certificate issuer is not recognized.
Software update status not available.