An error is returned when attempting to upload a newly generated SEPM to the EDR appliance.  The error is generic and states that the certificate could not be uploaded or installed.

A look in central_manager.log (extracted from a generated and downloaded diagnostic report) shows the following entry for each failed attempt:

ERROR org.springframework.amqp.rabbit.config.ListenerContainerFactoryBean#0-1 (EventForwarderClientImpl.java:executeRequest:162) IOException: Unable to validate webhook host. javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Release : 4.7, 4.8

The error from the log "unable to find valid certification path..." tells where to look. An examination of the certificate showed explicitly that the certificate was expired or not yet valid. Or there might be a problem with one of the certificates in the path such as the signing certificate.

Since the name was the same as the old certificate the person trying to upload the certificate had copied the old one over the top of the new one accidentally.

Generated/issued a new certificate that had not yet expired and the problem was resolved.