The server certificate encrypts and decrypts files between the server and the client. The client connects to the server with an encryption key, downloads a file, and then decrypts the key to verify its authenticity. If you change the certificate on the server without manually updating the client, the encrypted connection between the server and the client breaks.
You must update the server certificate in the following situations:
You reinstall Symantec Endpoint Protection Manager without using the recovery file. You update the certificate to restore a previous certificate that clients already use.
In the Update Server Certificate panel, choose the certificate you want to update to, and then click Next.
For each certificate type, following the instructions on the panels, and click Finish.
Backup server certificates are in SEPM_Install\Server Private Key Backup\recovery_timestamp.zip. You can locate the password for the keystore file in the settings.properties file within the same .zip file. The password appears in the keystore.password= line.
SEPM_Install by default is C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
For the 32-bit systems that run 12.1.x, it is C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager.
You must restart the following services to use the new certificate:
The Symantec Endpoint Protection Manager service
The Symantec Endpoint Protection Manager Webserver service
The Symantec Endpoint Protection Manager API service