By Default, the Enforce self-signed console certificate expires in 10 years.

You can create a new self signed certificate for 10 years or even longer period say 23 years, if needed using following steps:

1. On the Enforce Server, using an Administrator command prompt, go to the C:\Program Files\AdoptOpenJRE\<JRE version>\bin directory.

2. Enter this command" keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore c:\temp\.keystore -validity NNN -storepass protect -dname "cN=common_name, O=organization_name, Ou=organization_unit, L=city, S=state, C=XX"

Where NNN is number of days. 

3. Copy the updated .keystore file into the C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\protect\tomcat\conf directory.
4. Restart the Symantec DLP manager service on the enforce server.