Symantec Endpoint Protection 12.1 client is unable to download content from a LiveUpdate Administrator distribution point which uses self-signed SSL certificate.
|Article:TECH183115|||||Created: 2012-03-06|||||Updated: 2012-05-31|||||Article URL http://www.symantec.com/docs/TECH183115|
Symantec Endpoint Protection (SEP) 12.1 clients are configured to download definitions from a LiveUpdate Administrator (LUA) 2.x Distribution Center (DC) which has been configured to use HTTPS with a self-signed SSL certificate.
The Log.Lue file from the SEP client contains the following lines:
* Failed to connect to HTTPS server * Error statement: >> Server certificate does not chain to a valid trusted root in certificate store. * Error code 0x00000008, File: minitri.flg Server selection failed for server HTTPS://<address of distribution point>/ on port 443. * Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue. * Server Selection Failed. * Error downloading files. Error Code: 0x8D04802A
SEP 12.1 RU1
LUA Distribution Point (using HTTP) running on IIS, configured with a self-signed SSL certificate.
Internet security settings in the environment prohibit the trust of self-signed SSL certificates.
One solution known to resolve the issue is to manually import the self-signed SSL certificate into the certificate store of the impacted clients. Information on how to do this is covered in the following Microsoft Article:
Another solution would be to use an SSL certificate signed by a Certificate Authority (CA), rather than a self-signed certificate.
Please Note: This article pertains to SEP 12.1. It is not supported for SEP 11 clients to retrieve content from a LUA DC that uses HTTPS.
Article URL http://www.symantec.com/docs/TECH183115