Symantec Endpoint Protection 12.1 client is unable to download content from a LiveUpdate Administrator distribution point which uses self-signed SSL certificate.
Last Updated May 31, 2012
Symantec Endpoint Protection (SEP) 12.1 clients are configured to download definitions from a LiveUpdate Administrator (LUA) 2.x Distribution Center (DC) which has been configured to use HTTPS with a self-signed SSL certificate.
The Log.Lue file from the SEP client contains the following lines:
* Failed to connect to HTTPS server
* Error statement:
>> Server certificate does not chain to a valid trusted root in certificate store.
* Error code 0x00000008, File: minitri.flg
Server selection failed for server HTTPS://<address of distribution point>/ on port 443.
* Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue.
* Server Selection Failed.
* Error downloading files. Error Code: 0x8D04802A
Internet security settings in the environment prohibit the trust of self-signed SSL certificates.
One solution known to resolve the issue is to manually import the self-signed SSL certificate into the certificate store of the impacted clients. Information on how to do this is covered in the following Microsoft Article: