search cancel

HTTPS certificates related error (3c) SSL certificate problem: unable to get local issuer certificate

book

Article ID: 253638

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After updating the Symantec Endpoint Protection Manager [SEPM] with the new certificates, the Symantec Endpoint Protection [SEP] client failed to communicate with SEPM
The Connection status of the SEP GUI shows  "Error: SSL Public key does not match pinned public key"

 

CVE logs show below errors 
2022-Sep-13 19:29:43.372144] [DEBUG] CertificateProvider Begins [thread:1ac8]
[2022-Sep-13 19:29:43.373688] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list. [thread:1ac8]
[2022-Sep-13 19:29:43.373688] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list. [thread:1ac8]
[2022-Sep-13 19:29:43.374780] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list. [thread:1ac8]
[2022-Sep-13 19:29:43.374780] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list. [thread:1ac8]
[2022-Sep-13 19:29:43.375276] [DEBUG] CertificateProvider Finished [thread:1ac8]
[2022-Sep-13 19:29:43.394911] [WARN ] HTTPS certificates related error (3c) SSL certificate problem: unable to get local issuer certificate [thread:1ac8]
[2022-Sep-13 19:29:43.434288] [DEBUG] Reload OS Certificates and try again! [thread:1ac8] 

Environment

SEPM 14.x, using Third party/CA signed intermediate or chain certificate 

If your SEPM certificate has the signature/issuer path of one or more intermediate CAs (Certificate Authorities), like:

RootCA> IntermediateCA1> IntermediateCA2> etc> myserver.example.net 

 

Cause

SEPM was updated with the new certificate but was missing the chain/intermediate certificate.

Resolution

Follow the step mentioned in the document Add Certificate Chain to Endpoint Protection Manager