Certificate pinning is a security mechanism using which the connection between a server and a client is secured against attackers and fraudulent certificates. For more information, you can read the document Certificate Pinning.
After you install the Cloud Workload Protection agent, the agent establishes SSL connections with a few Symantec servers.
An attacker might present a fraudulent certificate on behalf of these servers and impersonate as a legitimate entity. To eliminate this risk, the Cloud Workload Protection agent contains a set of certificates that it uses to validate the authenticity of these connections. To establish the connections, the agent validates the server certificates with the ones that are preinstalled in the agent.
Certificate pinning might not work in environments where the communication between the Cloud Workload Protection agent and server happens through proxy servers. If you use proxy server and have certificate pinning enabled, we recommend you to disable certificate pinning.
Certificate pining is disabled by default in the Cloud Workload Protection agents. To configure certificate pinning, the Cloud Workload Protection agent must already be installed on the instance.
To enable or disable certificate pinning
Log on to the instance where you want to configure certificate pinning.
On the instance, navigate to the location where you have kept the Cloud Workload Protection agent installation package.
If you do not have the agent installation package:
Open command prompt and run the relevant command with root or Administrative privilege: