How to Renew the "DLP Root Certification Authority", "certificate_authority_v1.jks" keystore


Article ID: 239550


Products

Data Loss Prevention, Data Loss Prevention Core Package, Data Loss Prevention Enforce, Data Loss Prevention Discover Suite, Data Loss Prevention Endpoint Suite, Data Loss Prevention Enterprise Suite

Issue/Introduction

Error messages that may be associated with a need to renew your DLP Root Certification Authority:

The "DLP Root Certification Authority" certificate has expired, or otherwise needs to be renewed.

See the following KB article for more specific details:
https://knowledge.broadcom.com/external/article?articleNumber=233352

This certificate has expired or is not yet valid.

Resolution

How to Locate the DLP Root CA Certificate:

  1. Log into the Enforce Console
  2. System > Settings > General
  3. Scroll down to the "Endpoint and Network Discover Communications Settings"
  4. Here you will see a keystore name listed; this is the keystore that contains your DLP Root Certification Authority.
  5. Default keystore location and name:
    • C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.8.00000\keystore\certificate_authority_v1.jks


How to update your DLP Root Certification Authority:

  1. Rename or remove the old "certificate_authority_v1.jks".
  2. Restart the DLP services.
  3. When the services come back online, they automatically recreate the missing certificate for you.
  4. You should now see that a "certificate_authority_v2.jks" has been created.
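
The rename, restart and verify steps above can be scripted so the old CA keystore is kept for rollback and the new one is confirmed. This PowerShell sketch is an added example, not Broadcom's own tooling; it assumes the default 15.8 keystore path shown above, and the service names are placeholders to replace with the DLP service names on your Enforce Server.

```powershell
# Added example: wraps the rename / restart / verify steps from this article.
# Assumptions: default 15.8 keystore directory; $DlpServices holds
# placeholders that must be replaced with your DLP service names.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$KeystoreDir = 'C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.8.00000\keystore',
    [string[]]$DlpServices = @('<DLP-service-name-1>', '<DLP-service-name-2>'),
    [int]$TimeoutSeconds = 300
)
$ErrorActionPreference = 'Stop'

$old = Join-Path $KeystoreDir 'certificate_authority_v1.jks'
$new = Join-Path $KeystoreDir 'certificate_authority_v2.jks'

# Preflight: fail before touching the keystore if anything is unexpected.
if (-not (Test-Path -LiteralPath $old)) { throw "Old keystore not found: $old" }
if (Test-Path -LiteralPath $new) { throw "$new already exists; review before continuing." }
Get-Service -Name $DlpServices | Out-Null   # throws if a service name is wrong

# Step 1: rename rather than delete, so the old CA keystore can be restored.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = "certificate_authority_v1.jks.$stamp.bak"
$hash   = (Get-FileHash -LiteralPath $old -Algorithm SHA256).Hash
if ($PSCmdlet.ShouldProcess($old, "Rename to $backup")) {
    Rename-Item -LiteralPath $old -NewName $backup
    Write-Host "Old keystore kept as $backup (SHA256 $hash)"
}

# Step 2: restart the DLP services, in the order they were listed.
foreach ($name in $DlpServices) {
    if ($PSCmdlet.ShouldProcess($name, 'Restart-Service')) {
        Restart-Service -Name $name -Force
    }
}
if ($WhatIfPreference) { return }   # dry run: nothing was changed, nothing to wait for

# Steps 3-4: wait for the services to recreate the keystore as v2.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while (-not (Test-Path -LiteralPath $new) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 5
}
if (Test-Path -LiteralPath $new) {
    Get-Item -LiteralPath $new | Select-Object FullName, Length, CreationTime
} else {
    Write-Warning "$new not created within $TimeoutSeconds s; old keystore is at $backup"
}
```

Run it from an elevated prompt with `-WhatIf` first to see which file and services would be touched.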