Protection Engine fails to communicate with the cloud console.

Reviewing the cafagent.logs shows an error message "The certificate chain was issued by an authority that is not trusted"

This issue impacts older versions of the SPE installer, as the CAF agent on these older versions enables certificate pinning by default.

Newer versions do not use certificate pinning, and thus will trust the new DigitCert signed certificate.

Our primary recommendation is to upgrade to our latest release, 8.2.2.

If you're unable to upgrade right away, you can disable certificate pinning to allow communication with the console:

1. Open CAFConfig.ini in the text editor.
Windows: C:\Program Files\Symantec\Common Agent Framework\CAFConfig.ini
Linux: /etc/caf/CAFConfig.ini

2. Remove the following two lines:
[ssl-config]
Https_CertFilePath=certs
and save the file.

3. Restart the Symantec CAF service.

The SPE instances should now communicate with the cloud console as expected.