search cancel

How to Renew the "DLP Root Certification Authority"


Article ID: 239550


Updated On:


Data Loss Prevention Data Loss Prevention Core Package Data Loss Prevention Enforce Data Loss Prevention Discover Suite Data Loss Prevention Endpoint Suite Data Loss Prevention Enterprise Suite


The "DLP Root Certification Authority" certificate has expired, or otherwise needs to be renewed.

This certificate has expired or is not yet valid.


How to Locate the DLP Root CA Certificate:

  1. Log into the Enforce Console
  2. System > Settings > General
  3. Scroll down to the "Endpoint and Network Discover Communications Settings"
  4. Here you will see a keystore name listed, this is the keystore that contains your DLP Root Certification Authority.
  5. Default Keystore Location and Name
    • C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.8.00000\keystore\certificate_authority_v1.jks


How to update your DLP Root Certification Authority:

  1. Rename or remove the old "certificate_authority_v1.jks"
  2. Restart the DLP Services
  3. When the services come back online it will automatically recreate this missing certificate for you.
  4. You should now see a "certificate_authority_v2.jks" has been created.