Symantec Protection Engine (SPE) 8.2 does not start correctly after importing a certificate via the certinstall.jar. When restarting the service, the filesize of keystore.public is 0 bytes.

In Windows, the service hangs in a "starting" state.

In Linux, the service appears to start but is not listening on its expected ports (by default: 1344, 8004, 8006)

SPE 8.2

An internal issue causes keystore.public to be written as a 0 byte file, causing the service to fail to start correctly.

This issue has been resolved in SPE 8.2.1. Please upgrade to SPE 8.2.1 in order to import third-party certificates. If you are unable to upgrade at this time, you can follow the steps below to restore functionality.

1. Forcibly stop the symcscan process. On Windows, you may need to set the Startup Type for the service to "disabled".
2. Delete the following files from <SPE install dir> on Windows and <SPE install dir>/bin on Linux:
   • keystore.public
   • keystore.private
3. Start the Protection Engine service

This is applicable only for certificates imported for use with the local Java UI. It does not affect Secure ICAP. The steps above will cause SPE to generate a new certificate to use. SPE will not be using your imported certificate.

Managing SPE without the local Java console

SPE can also be managed either through the commandline or through the centralized console.

See the following link for information on managing SPE from the commandline:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2/Core_server_only_mode_10/about-the-core-server-only-mode-v128491244-d4995e18688.html

See the following link for information on using the Centralized Console:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2/Getting_Started_0/quick-start-checklist-of-tasks-to-perform-in-the-c-v127681228-d4995e32946.html