search cancel

Symantec Endpoint Security Installation Fails with an Error Related to Encryption Weakness


Article ID: 242066


Updated On:


Endpoint Security Complete


SES installation is failing on RHEL 8 due to the repository certificate being too weak.

Configuring Repo ( .. YUM Repo communication error: /===============================================================================================================================================================================================================================================\ | Updating Subscription Management repositories. | | Symantec Agent for Linux repository 0.0 B/s | 0 B 00:00 | | Errors during downloading metadata for repository 'SDCSS': | | - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for [SSL certificate problem: EE certificate key too weak]

After running the following commands to test the linux repo and spoc connection, you see that the box seems to connect with the Symantec backend just fine, but when you try the installation, it fails with the above error.

curl -v

openssl s_client -tls1_2 -showcerts -tlsextdebug -connect


Release : SES 14.3 RU4

Component : SES installation.

OS: RHEL 8+.


The encryption mismatch between the TLS certificate bit length and the crypto policies on the box causes a failure to properly connect to Symantec's Linux repository servers.


When you consult with Red Hat Linux documentation, you see that changing the crypto policies to FUTURE requires that you use TLS certificates with a bit length greater than 3071.

DEFAULT remains the suitable option for contemporary, day to day business needs because 2048 bit key lengths represent the modern standard. Change your policy settings to DEFAULT and reference RSA and NIST documentation for further information and updates.

Additional Information

NIST and RSA prescribe the use of 2048 key bit lengths.

Please refer to the following document for more: