After configuring Symantec Protection Engine (SPE) to use Secure ICAP, you attempt to test SPE using the Java version of the ssecls test tool. Output from ssecls includes:

<<<<<<<<<<<<<<<<<<<<<< SSE Command Line Scanner Application Start >>>>>>>>>>>>>>>>>>>>

In Legacy processing mode
Newer implementation requested by user
ERROR: Unknown error in execution : Unable to send data to the server.
<<<<<<<<<<<<<<<<<<<<<< SSE Command Line Scanner Application End >>>>>>>>>>>>>>>>>>>>

SPE 9.x

The Java keystore does not contain the proper certs.

This issue has two possible solutions:

1. Add the SPE certificate to the Java keystore or;
2. Utilize the C version of ssecls which includes an option not verify the certificate
   1. Using the command line navigate to the C version of ssecls:
      • Windows:
        

        cd <SPE_INSTALL_FOLDER\CmdLineScanner\C

      • Linux
        

        cd <SPE_INSTALL_FOLDER/ssecls/C

   2. Execute the sscecls command
      
      • Windows:
        

        ssecls.exe -server <SPE_IP/HOSTNAME>:11344:0:true -secure true -verifycert false <Path_to_file_to_scan>

      • Linux:
        

        ./ssecls -server <SPE_IP/HOSTNAME>:11344:0:true -secure true -verifycert false <Path_to_file_to_scan>

The parameter -verifycert false  causes the C version of ssecls to skip checking the certificate.

To run the C version with full certificate verification, use syntax similar to the following:

./ssecls -server <SPE_IP/HOSTNAME>:11344:0:true -secure true -verifycert true -cacertfile "<PATH_TO>\<CA_CERT>.pem" -clientcert "<PATH_TO>/<CLIENT>.cer" -clientpvtkey "<PATH_TO>/<PRIVATE>.key" -pvtkeypass "<PASSWORD>" <Path_to_file_to_scan>