Server Certificate Security Warning while logging to Endpoint Protection Manager

book

Article ID: 220424

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The following warning appears while logging into Symantec Endpoint Protection Manager (SEPM):

Warning - Security
Server Certificate is not present in your trusted store.
Do you want to trust the certificate?

It appears every time when logging to SEPM console even after clicking on "Accept" or "Accept Always".

Following error is found in scm-ui.log:

STDOUT: LoginPanel> login>> Non smartcard based authentication.
GUIManager INFO: GUIManager> login>> Setting up communicator. isSmartCardBasedAuth: false
STDOUT: ConsoleSSLSocketFactory> loadCertificate>> Non certificate based login.
STDOUT: CustomSSLSocketFactory> Is trustedCerts null ? : true, popup: true, isSmartCardAuth: false
STDOUT: ServerCertUtil> readCreateStorePasswd>> Unable to read the Storepasswd from file: E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml
STDOUT: ServerCertUtil> getCertificate>> Error getting store path file. Exception: E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks (Access is denied)
STDOUT: ConsoleSSLSocketFactory> loadCertificate>> Default server certificate is null.
STDOUT: UserCertStoreUtil.getCertificatedFromStore(). Error while loading cert store. deleting the cert store
STDOUT: UserCertStoreUtil.getCertificatedFromStore(). cert store could not be deleted
STDOUT: ConsoleSSLSocketFactory> loadCertificate>> Server certificate in userStore is null.

Cause

Permission issue on "keystore.jks" file.

Default Folder: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc

Environment

SEPM version 14.3 and above

Resolution

Add the following users accounts to have Full Control access to 'keystore.jks' file:
SYSTEM
Administrators
semapisrv
semsrv
semwebsrv

Attachments