In SEP 14.3 RU1 or later, administrators will receive an email from the Symantec Endpoint Protection Manager (SEPM) 30 days before the SQL Server Certificate will expire. An email will also be sent when the certificate expires. After the certificate expires, you'll no longer be able to login to the SEPM.
The 30 day notification will have the subject line.
The Symantec Endpoint Protection Manager's SQL Server Certificate expires within 30 days
If the certificate has expired, the notification will contain the following text.
Subject: The Symantec Endpoint Protection Manager can not connect to the Database
Server name: <name>
Server IP: <IP>
Symantec Endpoint Protection Manager (SEPM) cannot connect to the Microsoft SQL Server database because SQL Server uses a certificate that Windows does not trust. Therefore, you must import the certificate that SQL Server uses into the Local Machine Certificate Store (Trusted Root Certification Authorities) of the Windows system where the management server is installed and restart the management server service.
14.3 RU1 and later.
SQL Server Certificate is 30 days from expiring or has already expired
Confirm the details of the expiration notice: is it for the SEPM or the SQL database server?
If the SEPM was installed together with SQL Express on the same machine then they share the same certificate: follow the steps to update the server certificate without breaking communication and be sure to run the SEPM's Management Server Configuration Wizard afterwards so that SQL Express also gets the updated certificate. The SEPM will show an error on login and the top 3 tabs but should allow you to log in and complete this process.
Do NOT follow the instructions above if the expiration notice is for a standalone SQL server database certificate—the SEPM has nothing to do with the management of that certificate. Use Microsoft's instructions instead: Certificate Management (SQL Server Configuration Manager
If the certificate is still valid, but you've received the 30 day notification, then update the server certificate using the appropriate steps above.
If the certificate has already expired, the following steps can be taken to correct the issue.