Endpoint Protection Linux agents fail to connect to the Endpoint Protection Manager when using a custom certificate



Article ID: 203899


Updated On:

Products

Endpoint Protection

Issue/Introduction

When the Endpoint Protection Manager (SEPM) uses a certificate signed by an internal Certificate Authority, Linux clients fail to connect to it. This happens when the option "Verify certificate when using HTTPS protocol" is enabled in the Management Server List.

debug.log on the client shows the following error:

2020-11-23T22:16:54.174UTC -239076544 DEBUG cve.sylinkcommunicator [2020-Nov-23 22:16:54.174016] [DEBUG] Attempting connection to server <server name>
2020-11-23T22:16:54.174UTC -239076544 DEBUG cve.sylinkcommunicator [2020-Nov-23 22:16:54.174729] [DEBUG] Attempting to get Index2.xml file.
2020-11-23T22:16:54.175UTC -239076544 DEBUG util.httpsender [2020-Nov-23 22:16:54.175116] [DEBUG] setting private CA bundle path = /etc/symantec/sep/sepfl.pem
2020-11-23T22:16:54.175UTC -239076544 DEBUG util.httpsender [2020-Nov-23 22:16:54.175142] [DEBUG] Providing self signed CA (In-Memory) to CURL library
2020-11-23T22:16:54.175UTC -239076544 DEBUG util.httpsender [2020-Nov-23 22:16:54.175159] [DEBUG] CURLOPT_SSL_VERIFYPEER option is set to 1
2020-11-23T22:16:54.175UTC -239076544 DEBUG util.httpsender [2020-Nov-23 22:16:54.175183] [DEBUG] CURLOPT_SSL_VERIFYHOST option is set to 2
2020-11-23T22:16:54.269UTC -239076544 WARN util.httpsender [2020-Nov-23 22:16:54.269352] [WARN ] Error in sending (60) SSL certificate problem: unable to get local issuer certificate
2020-11-23T22:16:54.270UTC -239076544 INFO cve.sylinkcommunicator [2020-Nov-23 22:16:54.270020] [INFO ] Heartbeat failed
2020-11-23T22:16:54.270UTC -239076544 WARN cve.sylinkcommunicator [2020-Nov-23 22:16:54.270133] [WARN ] Failed to connect to server <server name>. NetException

Cause

The client verifies the SEPM's certificate (CURLOPT_SSL_VERIFYPEER is set to 1) against its own CA bundle, /etc/symantec/sep/sepfl.pem, as the debug.log above shows. curl error 60, "unable to get local issuer certificate", means the certificate authority that issued the SEPM's certificate is not in that bundle, so the client cannot build a trusted chain and rejects the connection.

Resolution

The Endpoint Protection (SEP) Linux client stores its trusted CA certificates in sepfl.pem in /etc/symantec/sep and uses only that file, not the operating system's trust store, when verifying the SEPM. To resolve this issue, ensure that the file exists and that the certificate of the root certificate authority that issued the SEPM's certificate is listed in it. (The default sepfl.pem is attached to this article in case it is missing.) If the root CA certificate is not in sepfl.pem, append it to the end of the file. If the SEPM's certificate was issued by an intermediate CA, the client must also be able to build the full chain: either the SEPM serves the intermediate certificate along with its own, or append the intermediate certificate to sepfl.pem as well.

The certificate can be appended in many ways. Below is one method that may work for you; manage the change in accordance with your organization's policies and procedures.

First, copy the root certificate to the Linux machine.

While in the /etc/symantec/sep/ directory:

cp sepfl.pem sepfl.pem.old
cat rootca.crt >> sepfl.pem

Where rootca.crt is the path and file name of the root certificate. Use the append redirection (>>): the shell truncates the target of a plain > redirection before cat runs, so "cat sepfl.pem rootca.crt > sepfl.pem" would empty sepfl.pem first and leave only the root certificate in it.

example:

cat /tmp/rootca.crt >> sepfl.pem

Then restart the SEP Linux agent daemons:

How to restart the Endpoint Protection Linux daemons
https://knowledge.broadcom.com/external/article/151271/how-to-restart-the-endpoint-protection-l.html

You can confirm that the root certificate was added to sepfl.pem, and that nothing else changed, by using the diff command against the backup.

diff --normal sepfl.pem sepfl.pem.old

The only difference should be the content of the root certificate (reported as lines present only in sepfl.pem).

Attachments

1607378773789__sepfl.pem