search cancel

You are seeing the error: "Managed PKI Service certificate has expired" in DLP


Article ID: 215463


Updated On:


Data Loss Prevention Cloud Detection Service Data Loss Prevention


You are seeing the "System Event Code 4206 - Managed PKI Service certificate has expired" on Symantec DLP Enforce (System > Servers and Detectors > Overview).

You have used the DLP Cloud Detection Service (CDS) in the past but are not using it anymore.



This happens because, even though you are no longer using CDS, the certificates are still stored in the enforce_keystore.jks.


Release : 15.8

Component : Cloud Detection Service


  1. Create a backup of the enforce_keystore.jks
    Windows: C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<version>\keystore (default)
    Linux: /var/Symantec/DataLossPrevention/EnforceServer/<version>/keystore/

  2. Remove the original enforce_keystore.jks
    An empty one will be create by the SymantecDLPMonitorController Service.

  3. Restart the Enforce services.

Additional Information

This has been filed as a defect, DLP-44120, to be fixed in a future release of DLP.

For those who are still using the Cloud Service, and seeing this or similar alerts, see related article: MPKI certificate errors in Servers and Detectors Overview for the Enforce Server (