Server Certificate Security Warning while logging to Endpoint Protection Manager
Article ID: 220424
Updated On:
Products
Endpoint Protection
Issue/Introduction
The following warning appears while logging into Symantec Endpoint Protection Manager (SEPM):
Warning - Security Server Certificate is not present in your trusted store. Do you want to trust the certificate?
It appears every time when logging to SEPM console even after clicking on "Accept" or "Accept Always".
Following error is found in scm-ui.log:
STDOUT: LoginPanel> login>> Non smartcard based authentication. GUIManager INFO: GUIManager> login>> Setting up communicator. isSmartCardBasedAuth: false STDOUT: ConsoleSSLSocketFactory> loadCertificate>> Non certificate based login. STDOUT: CustomSSLSocketFactory> Is trustedCerts null ? : true, popup: true, isSmartCardAuth: false STDOUT: ServerCertUtil> readCreateStorePasswd>> Unable to read the Storepasswd from file: E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml STDOUT: ServerCertUtil> getCertificate>> Error getting store path file. Exception: E:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks (Access is denied) STDOUT: ConsoleSSLSocketFactory> loadCertificate>> Default server certificate is null. STDOUT: UserCertStoreUtil.getCertificatedFromStore(). Error while loading cert store. deleting the cert store STDOUT: UserCertStoreUtil.getCertificatedFromStore(). cert store could not be deleted STDOUT: ConsoleSSLSocketFactory> loadCertificate>> Server certificate in userStore is null.
Environment
SEPM version 14.3 and above
Cause
Permission issue on "keystore.jks" file.
Default Folder: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc
Resolution
Add the following users accounts to have Full Control access to 'keystore.jks' file:
SYSTEM
Administrators
semapisrv
semsrv
semwebsrv
Feedback
Yes
No
Powered by
