Log Viewer also populate with the Exception "InvalidCertificateException: Certificate chain is invalid"
Symantec Installation Manager, error:
"services failed to restart to refresh licenses."
can not get the license.
System.Exception: Certificate chain is invalid.
at RemoveLegacyLicense.LegacyLicenseUtil.Verify(X509Certificate2 certificate)
"InvalidCertificateException: Certificate chain is invalid"
Microsoft released a critical update (KB 2661254) on August 14, 2012, that ends support for certificates using the RSA algorithm that has key lengths less than 1024 bits. Shorter keys have been deemed more vulnerable to brute force attacks due to continued advances in computer processing capabilities. After applying Microsoft’s update, all certificates with key lengths less than 1024 bits will be treated as invalid. Any application that calls into the operating system to validate the digital certificates will receive an invalid certificate response whereas previously it would pass the validation.
use certutil.exe to set the lower limit of permitted RSA Public Key Lengths from 1024 bits to 512 bits:
certutil -setreg chain\minRSAPubKeyBitLength 512
Uninstall Microsoft update (KB 2661254), and Restart the Server because the License will be only seen after restart.
and apply the licenses to Symantec Installation Manager.
Get new licenses from Symantec License portal.
Title: Altiris IT Management Suite or Symantec-based Endpoint Management solutions may be affected - Microsoft Update (KB 2661254)
Symantec Management Platform 7.0, 7.1
Imported Document ID: TECH198685
Subscribing will provide email updates when this Article is updated. Login is required.