from SEP 12.1 onwards it is stored, please find this information
The recovery file includes the encryption password, keystore files, default domain ID, certificate files, license files, and port numbers. After you install the management server, copy the compressed recovery file to another computer. By default, the file is located in the following directory:
Drive:\\Program Files\Symantec\ Symantec Endpoint Protection Manager\Server Private Key Backup\recovery_timestamp.zip
■ The recovery file only stores the default domain ID; IDs for all domains (including the default domain) are stored in the database. If you have multiple domains and will be performing a disaster recovery without a database backup, you must re-add additional domains and their IDs after the SEPM is re-installed. See step 3 for instructions on backing up additional domain IDs.
■ If you update the self-signed certificate to a different certificate type, the management server creates a new recovery file. Because the recovery file has a timestamp, you can tell which file is the latest file.