No groups are displayed when attempting to add groups to the Symantec Endpoint Protection Manager (SEPM) Group Inclusions within the Symantec Endpoint Detection and Response (SEDR) appliance.

Entries similar to the following are noted in the central_manager.log:

ERROR RMI TCP Connection(31235)-127.0.0.1 (SepmRestApi.java:simpleRequest:440) Failed to get a response from the requested SEPM. Exception details : javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: Certificates do not conform to algorithm constraints
...
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate: CN=<CN>, OU=<OU>, O=<O>, L=<L>, ST=<ST>, C=<C>

SEDR 4.8 or newer

As of SEDR 4.8 certificates are required to have a minimum of keysize of at least RSA 2048.

1. Update the certificate on the SEPM (please see the document linked below)
2. Open the SEDR GUI
3. Navigate to Settings > Global >  Endpoint Communication Channel, SEP Policies, and Endpoint Activity Recorder
4. Click 'Add Server'
5. Enter the information SEPM required
6. Check the checkbox next to "Add SEPM SSL Certificate"
7. Click "Browse" and select the new SEPM certificate
8. Click "Next"
9. The SEPM Groups will now be displayed on the SEPM Group Inclusions page

Updating the server certificate on the management server without breaking communications with the client
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/managing-the-client-server-connection-v26173180-d15e3300/update-the-server-certificate-on-the-management-se-v57256809-d15e4328.html