search cancel

EDR 4.5 upgrade replaces customer imported certificate

book

Article ID: 203226

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Upgrading Endpoint Detection and Response (EDR) to version 4.5 replaces customer imported certificate with a self-signed certificate. As a result, Symantec Endpoint Protection (SEP) clients lose connection to the EDR appliance.

Environment

Release : 4.5.0-807

 

Cause

NET::ERR_CERT_INVALID

- Build 4.5.0-807 was available on the upgrade repositories from 09-NOV-2020 to 19-NOV-2020.

- Customers that upgrade their EDR appliances after 19-NOV-2020 will receive 4.5.0-814, where this issue does not occur.

 

Resolution

To confirm an instance of SEDR appliance is not impacted

  1. At the CLI of the SEDR appliance with the management server role, type:
    show -v

  2. If output from show -v includes "4.5.0-814" or later, you have already upgraded past the package that contained the upgrade defect. No further action required.
  3. Type:
    update list

  4. If the output from update list includes "4.5.0-814" or later, the SEDR appliance is able to see a package in the upgrade repository which does not contain the upgrade defect. No further action is necessary. The SEDR appliance can be upgraded to 4.5.0 without replacing custom inserted certificates.

 

To workaround

  1. In the UI of the SEDR appliance console, re-insert the previously inserted certificate.
  2. If symptoms persist, remove and re-create the SEPM Controller Connection for the SEP clients which have lost communication to the SEDR Appliance. 
  3. In Settings> Global, on the "SEP Policy" section of the SEPM Controller configuration, change the URL to match the CN value contained in the new Self Signed Certificate.
  4. Try another browser