Hello,
Could you please ensure that the SEPM and the SEP client on the system are the same version.
Secondly, One solution known to resolve the issue is to manually import the self-signed SSL certificate into the certificate store of the impacted clients. Information on how to do this is covered in the following Microsoft Article:
http://windows.microsoft.com/en-US/windows-vista/Import-or-export-certificates-and-private-keys
Another solution would be to use an SSL certificate signed by a Certificate Authority (CA), rather than a self-signed certificate.
Also, check this Thread: http://www.symantec.com/connect/forums/server-certificate-not-present-your-trusted-store
Hope that helps!!