Some older versions of Linux agents may not be able to connect to CWP server.
Older Linux distribution may not contain CA trusted SSL certificates in Certificate Bundle
Determine if CA trusted certificate is installed. If not follow the suggested steps to install CA trusted certificate
Use the following command on the Linux instances to determine if a trusted CA certificate used in CWP server is installed:
echo | sudo openssl s_client -connect scwp.securitycloud.symantec.com:443
If the result of this command contains "Verify return code: 0 (ok)", the required CA certificate is installed on the system
If the result of this command contains "Verify return code: <none zero> (Error message)", the CA Root certificate is not installed on the system.
First download certificates from the issuing Certificate Authority.
Depending on the Linux platform and the OS version, perform the steps below to install the CA certificate on your Linux instances:
Download Certificates from the issuing Certificate Authority.
As of July 2020 the following list of certificates are in use with the CWP server and console. Please download these certificates in pem and crt formats.
Note: Symantec may change to a different set of certificates from time to time and the following download links may become invalid. Please contact technical support if the links are no longer valid.
DigiCertGlobalRootCA
https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
https://cacerts.digicert.com/DigiCertGlobalRootCA.crt
DigiCertSHA2SecureServerCA
https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt.pem
https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt