Hello,
Check this Article:
Contents of the Symantec Endpoint Protection 12.1 recovery file
http://www.symantec.com/docs/TECH162311
Certificates are the industry standard for authenticating and encrypting sensitive data. To prevent the reading of information as it passes through routers in the network, data should be encrypted.
To communicate with the clients, the management server uses a server certificate. For the management server to identify and authenticate itself with a server certificate, Symantec Endpoint Protection Manager encrypts the data by default. However, there are situations where you must disable encryption between the server and the client.
The management server supports the following types of certificates:
-
JKS Keystore file (.jks) (default)
A Java tool that is called keytool.exe generates the keystore file. The Java Cryptography Extension (.jceks) format requires a specific version of the Java Runtime Environment (JRE). The management server supports only a .jceks keystore file that is generated with the same version as the Java Development Kit on the management server.
The keystore file must contain both a certificate and a private key. The keystore password must be the same as the key password. You can locate the password in the following file:
Drive:\\Program Files\Symantec\ Symantec Endpoint Protection Manager\Server Private Key Backup\recovery_timestamp.zip. The password appears in the keystore.password= line.
-
PKCS12 keystore file (.pfx and .p12)
-
Certificate and private key file (.der and .pem format)
Symantec supports unencrypted certificates and private keys in the .der or the .pem format. .Pkcs8-encrypted private keys are not supported.
Secondly, Check this Article:
About server certificates
http://www.symantec.com/docs/HOWTO81145
Hope that helps!!