What Certificates, keystores and keys are used on Symantec Data Loss Prevention OCR (Optical Character Recognition) Servers, version 15.x.

DLP 15.x

OCR Servers(only supported on Windows)

Default Windows keystore Path: <DRIVE>:\SymantecDLPOCR\Protect\keystore\ocr_keystore.jks

Default Private Key Alias: ocrserver

Default Detection Server Alias: det_cert

Default keystore password: symantecocr

OCR Clients(DLP Detection Servers, supported on Windows or Linux)

Default Windows Path: <DRIVE>:\Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\keystore\det_ocr_keystore.jks

Default Detection Server Alias: detserver

Default OCR Server Alias: ocr_cert

Default keystore password: symantecocr

-------------------------------------------------------------------------------------------

Starting from build 16.0, the OCR servers are no longer using a keystore file.
Instead, the “...\Program Files\Symantec\DataLossPrevention\OCRServer\<version>\Protect\keystore” directory now contains a .key file with raw key material, and two .crt files - a client and a server certificate. 

Below are links to the online help pages that describes how to configure TLS trust between OCR server and DLP detection server in versions 16.0.x:

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/16-0/about-data-loss-prevention-policies-v27576413-d327e9/setting-up-TLS-trust.html

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/16-0-1/about-data-loss-prevention-policies-v27576413-d327e9/setting-up-TLS-trust.html 

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/16-0-2/about-data-loss-prevention-policy-authoring/setting-up-tls-trust.html