Your initial cloud certificate was installed when you registered your cloud detector, and you see that it is expiring or has expired. 

You wish to know how this impacts the service, and how to renew the certificate.

Certificates expire 3 years from the date that you install them.

After your cloud certificate expires, cloud detection continues, but your Enforce Server is disconnected from the cloud service. Since it is disconnected, the Enforce Server cannot send policy updates or receive incidents. You must apply the certificate renewal bundle to enable the Enforce Server to reconnect to the DLP Cloud Service.

Starting with Symantec Data Loss Prevention 15.5, certificate renewal is automatic.

However, there are times when you need to follow the below instructions to renew your certificate:

To renew a cloud certificate with a bundle from Technical Support

1. Obtain the certificate renewal bundle from the email that you received from Symantec.
2. Locate the Enforce Server with the ID that is indicated in the Cloud Certificate Renewal letter that you received from Symantec.
3. Log on to that Enforce Server as Administrator.
4. Save the certificate renewal bundle zip file to a directory on your Enforce Server. You can also save it to another location that is accessible from the Enforce Server administration console.
5. Navigate to System > Settings > General. You can see the Expires on date under Cloud Certificate.
6. Click Install certificate. The Install a Cloud Certificate page lists your cloud detectors, your current certificate expiration, and a New Certificate Bundle File field.
7. Click Browse and select the certificate renewal bundle zip file that you saved to the Enforce Server in step 2.
8. Click Upload Bundle. The Enforce Server installs the new certificate.

To verify that the new certificate is installed

1. Navigate to the System > Settings > General page.
2. Scroll down to the Cloud Certificate section.
3. Confirm that the Validity field shows an Expires on date approximately 3 years in the future.

To get more information on the pending expiration, successful installation, and other events regarding your cloud certificate

1. Go to System > Servers and Detectors > Overview.
2. Click Enforce Server under Servers and Detectors.
3. Scan All Recent Events on the Server / Detector Detail page for messages that are related to the installation of your renewal certificate.

Certificates are valid for 3 years from the date that you install them.

Note: The certificate renewal bundle zip file is valid for 10 days after it is generated. If the file expires before you install it, request a new certificate renewal bundle zip file from Symantec Support. 

If the renewal process has not been successful, see MPKI certificate errors in Servers and Detectors Overview for the Enforce Server (broadcom.com).