You are seeing the error: "Managed PKI Service certificate has expired" in DLP


Article ID: 215463


Products

Data Loss Prevention Cloud Detection Service, Data Loss Prevention

Issue/Introduction

You are seeing the "System Event Code 4206 - Managed PKI Service certificate has expired" on Symantec DLP Enforce (System > Servers and Detectors > Overview).

You have used the DLP Cloud Detection Service (CDS) in the past but are not using it anymore.

 

Environment

Release: 15.8

Component: Cloud Detection Service

Cause

This happens because, even though you are no longer using CDS, the certificates are still stored in the Java Keystore file, enforce_keystore.jks.

Resolution

  1. Create a backup of enforce_keystore.jks, located in:
    Windows: C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<version>\keystore (default)
    Linux: /var/Symantec/DataLossPrevention/EnforceServer/<version>/keystore/

  2. Remove the original enforce_keystore.jks.
    An empty one will be created by the SymantecDLPMonitorController service.

  3. Restart the Enforce services.
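
On a Linux Enforce Server, steps 1 and 2 can be scripted so that the original is removed only after the backup has been verified byte for byte. This is an added example, not Broadcom's own tooling: the function name and the backup directory are assumptions, and the keystore directory is passed as an argument because <version> differs per installation.

```shell
#!/bin/sh
# Added example (not vendor code): back up enforce_keystore.jks, verify the
# copy, and only then remove the original. Step 3 (restarting the Enforce
# services) is left to the administrator.
#
# Usage (both paths are supplied by the caller; the backup path is an assumption):
#   backup_and_remove_keystore <keystore dir from step 1> <backup dir>

backup_and_remove_keystore() (
    ks_dir=$1                       # directory that holds enforce_keystore.jks
    backup_dir=$2                   # should live outside the keystore directory
    ks="$ks_dir/enforce_keystore.jks"

    if [ ! -f "$ks" ]; then
        echo "no keystore found at $ks" >&2
        return 1
    fi

    # A keystore can hold private keys, so keep the backup readable by its
    # owner only. The body runs in a subshell, so this umask does not leak.
    umask 077
    mkdir -p "$backup_dir" || return 1

    backup="$backup_dir/enforce_keystore.jks.$(date +%Y%m%d-%H%M%S)"
    if [ -e "$backup" ]; then
        echo "refusing to overwrite existing backup $backup" >&2
        return 1
    fi

    cp -p "$ks" "$backup" || return 1
    chmod 600 "$backup" || return 1

    # Never delete the original unless the copy is identical.
    if ! cmp -s "$ks" "$backup"; then
        echo "backup differs from original; original left in place" >&2
        rm -f "$backup"
        return 1
    fi

    rm -f "$ks" || return 1
    echo "$backup"                  # print the backup path for the change record
)
```

Run it as a user that can read and delete the keystore, then continue with step 3.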

Additional Information

This has been filed as a defect, DLP-44120, to be fixed in a future release of DLP.

For those who are still using the Cloud Service and are seeing this or similar alerts, see the related article: MPKI certificate errors in Servers and Detectors Overview for the Enforce Server (broadcom.com)