Renew expiring cloud certificates

book

Article ID: 173719

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST

Issue/Introduction

Your initial cloud certificate was installed when you registered your cloud detector. Certificates expire 3 years from the date that you install them. You will receive an email from Symantec when your certificate expiration is pending. 


Note: The certificate renewal bundle zip file is valid for 10 days after you receive this email. If the file expires before you install it, request a new certificate renewal bundle zip file from Symantec Support.  After your cloud certificate expires, cloud detection continues, but your Enforce Server is disconnected from the cloud service. Since it is disconnected, the Enforce Server cannot send policy updates or receive incidents. You must apply the certificate renewal bundle to enable the Enforce Server to reconnect to the DLP Cloud Service.

Resolution


Follow these instructions to renew your certificate.

To renew a cloud certificate

  1. Obtain the certificate renewal bundle from the email that you received from Symantec.
  2. Locate the Enforce Server with the ID that is indicated in the Cloud Certificate Renewal letter that you received from Symantec.
  3. Log on to that Enforce Server as Administrator.
  4. Save the certificate renewal bundle zip file to a directory on your Enforce Server. You can also save it to another location that is accessible from the Enforce Server administration console.
  5. Navigate to System > Settings > General. You can see the Expires on date under Cloud Certificate.
  6. Click Install certificate. The Install a Cloud Certificate page lists your cloud detectors, your current certificate expiration, and a New Certificate Bundle File field.
  7. Click Browse and select the certificate renewal bundle zip file that you saved to the Enforce Server in step 2.
  8. Click Upload Bundle. The Enforce Server installs the new certificate.

To verify that the new certificate is installed

  1. Navigate to the System > Settings > General page.
  2. Scroll down to the Cloud Certificate section.
  3. Confirm that the Validity field shows an Expires on date approximately 3 years in the future.

To get more information on the pending expiration, successful installation, and other events regarding your cloud certificate

  1. Go to System > Servers and Detectors > Overview.
  2. Click Enforce Server under Servers and Detectors.
  3. Scan All Recent Events on the Server / Detector Detail page for messages that are related to the installation of your renewal certificate.

Certificates are valid for 3 years from the date that you install them. If you upgrade to Symantec Data Loss Prevention 15.5 before you renew the certificate, you must renew the certificate after you upgrade.


Note: The certificate renewal bundle zip file is valid for 10 days after you the receive this email. If the file expires before you install it, request a new certificate renewal bundle zip file from Symantec Support. 

 

Additional Information

Starting with new installations of Symantec Data Loss Prevention 15.5, certificate renewal is automatic.