After upgrading to DLP 16.1, any new detection server added to the console does not report a version, and its status is unknown.
DLP 16.1
An SSL Keystore mismatch with Enforce will cause the following WARNING in the SymantecDLPEnforceConnector log:
WARNING:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Caused by: java.security.SignatureException: Signature does not match.
This warning may occur even when the monitor.<timestamp>.sslkeystore file is present in the detection server's keystore directory.
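Because the presence of the keystore file does not rule out the mismatch, the log is the more reliable signal. The following Python script is an added example (not Broadcom's code and not part of the original article) that walks each exception chain in a log to its root cause, so the signature mismatch shown above is told apart from other certificate validation failures. The log layout, the second sample entry and all function names are assumptions made for illustration.

```python
import re

# Constructed sample input. The first WARNING is the chain quoted in the
# article; the second is a constructed, unrelated PKIX failure (expired cert).
SAMPLE_LOG = """\
WARNING:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Caused by: java.security.SignatureException: Signature does not match.
WARNING:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Mon Jan 01 00:00:00 UTC 2024
"""

# An exception line, optionally prefixed with "Caused by: ".
EXC = re.compile(r"^(?P<caused>Caused by: )?(?P<cls>[\w.$]+(?:Exception|Error)): ?(?P<msg>.*)$")

def exception_chains(text):
    """Group lines into chains: a top-level exception plus its 'Caused by:' links."""
    chains = []
    for line in text.splitlines():
        m = EXC.match(line.strip())
        if not m:
            continue  # e.g. the bare "WARNING:" marker
        link = (m["cls"], m["msg"])
        if m["caused"] and chains:
            chains[-1].append(link)
        else:
            chains.append([link])
    return chains

def classify(chain):
    """Label a chain by its root cause, not by the generic handshake error on top."""
    if not chain[0][0].endswith("SSLHandshakeException"):
        return "not-tls"
    root_cls = chain[-1][0]
    if root_cls == "java.security.SignatureException" or any(
            "signature check failed" in msg for _, msg in chain):
        return "keystore-mismatch"
    return "other-pkix-failure"

def triage(text):
    """Return (label, root-cause class) for every exception chain in the log text."""
    return [(classify(c), c[-1][0]) for c in exception_chains(text)]

if __name__ == "__main__":
    for label, root in triage(SAMPLE_LOG):
        print(f"{label:20} root cause: {root}")
```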
DLP 16.1 introduces more control over which keystore file to use for securing Enforce to Detection server communications.
Available options include:
Because of the added control, additional configuration is required when adding a new detector to the Enforce console.
Refer to the DLP 16.1 Help Center (broadcom.com) for creating new custom keystores or custom keystores with third-party certificates.