How to verify Data Center Security (DCS) agent certificate is matching the server certificate

Article ID: 439880


Products

Data Center Security Server Advanced

Issue/Introduction

You need to confirm that the certificate deployed with a DCS agent matches the management server certificate stored in server-cert.ssl.

Resolution

Follow the steps below to confirm that the deployed DCS agent certificate matches the server certificate.

Windows

1. Copy the keystore file from {drive}:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\certs to a temporary location.

2. Rename the keystore file to agent-cert.cer

3. Double-click the file to open the certificate.

4. Note the certificate serial number and thumbprint.

Linux

1. Copy the keystore file from /opt/Symantec/sdcssagent/IPS/certs to /tmp

2. Rename the file to keystore.cer

3. Execute the command below:

openssl x509 -noout -text -in '/tmp/keystore.cer'

4. Note the serial number and thumbprint.

If openssl is not installed, copy the keystore file to a Windows machine, rename it with a .cer extension, and follow steps 3 and 4 of the Windows section.

DCS Management Server 

1. On the DCS Management Server, navigate to {drive}:\Program Files (x86)\Symantec\Data Center Security Server\Server\jre\bin

2. Execute the command below:

keytool -list -v -keystore "{drive}:\Program Files (x86)\Symantec\Data Center Security Server\Server\server-cert.ssl"

Enter the keystore password when prompted.

The keystore password can be retrieved from server.xml, located under {drive}:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf

3. After you enter the keystore password, keytool displays the DCS server certificate serial number and fingerprint. Compare them with the agent certificate serial number and thumbprint to confirm that they match.

After completing the validation, the copy of the keystore file can be deleted.
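
The comparison in the last step is easy to get wrong by eye, because openssl, keytool and the Windows certificate viewer format the same values differently (colons, spaces, letter case, leading zeros). The script below is an added example, not part of the original article or the product: it uses openssl's -serial and -fingerprint -sha1 options (the -text output does not print a fingerprint) and compares the result with keytool output saved to a text file. The function names are hypothetical, the sample values are constructed, and it assumes English keytool output and a keystore with a single entry.

```shell
#!/bin/sh
# Added example; function names are hypothetical and sample values are constructed.

# Reduce a serial or fingerprint value to bare uppercase hex without leading zeros,
# so "04:D2", "04 d2" and "4d2" all compare equal.
normalize_hex() {
    printf '%s' "$1" | tr -d -c '0-9A-Fa-f' | tr 'a-f' 'A-F' | sed 's/^0*//'
}

# Value of an openssl line such as "serial=..." or "SHA1 Fingerprint=...".
openssl_field() {  # $1 = openssl output, $2 = label prefix (case-insensitive)
    printf '%s\n' "$1" | grep -i "^$2" | head -n 1 | cut -d= -f2
}

# Value of a keytool -list -v line such as "Serial number: ..." or "SHA1: ...".
# Assumes English keytool output and a keystore with a single entry.
keytool_field() {  # $1 = keytool output, $2 = label
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# Succeeds only when serial number and SHA-1 fingerprint are both present and equal.
certs_match() {  # $1 = openssl output for the agent cert, $2 = keytool output
    a_serial=$(normalize_hex "$(openssl_field "$1" 'serial')")
    s_serial=$(normalize_hex "$(keytool_field "$2" 'Serial number')")
    a_sha1=$(normalize_hex "$(openssl_field "$1" 'sha1 fingerprint')")
    s_sha1=$(normalize_hex "$(keytool_field "$2" 'SHA1')")
    [ -n "$a_serial" ] && [ -n "$a_sha1" ] &&
        [ "$a_serial" = "$s_serial" ] && [ "$a_sha1" = "$s_sha1" ]
}

# Constructed sample output from each tool (not taken from a real DCS installation).
SAMPLE_OPENSSL='serial=04D2F09C1B
SHA1 Fingerprint=3A:7F:00:9C:11:D4:5E:62:B8:0A:F1:23:45:67:89:AB:CD:EF:01:23'
SAMPLE_KEYTOOL='Serial number: 4d2f09c1b
Certificate fingerprints:
         SHA1: 3A:7F:00:9C:11:D4:5E:62:B8:0A:F1:23:45:67:89:AB:CD:EF:01:23'

# Live use on the agent: pass a text file holding the saved keytool output as $1.
# Skipped when /tmp/keystore.cer, the keytool file or openssl is missing.
if [ -f /tmp/keystore.cer ] && [ -f "${1:-}" ] && command -v openssl >/dev/null 2>&1; then
    agent=$(openssl x509 -noout -serial -fingerprint -sha1 -in /tmp/keystore.cer)
    if certs_match "$agent" "$(cat "$1")"; then echo "MATCH"; else echo "MISMATCH"; fi
fi
```

A missing serial number or fingerprint on either side is reported as a mismatch, so an empty or unreadable keytool dump cannot produce a false match.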