The document will explain how to generate and add new Detection Server certificates using SSLkeytool.
To generate new Detection Server certificates:
1. Log on to the Enforce Server computer using the "protect" user account that you created during Symantec Data Loss Prevention installation.
If you are not able to login as the protect user and get the following error, then perform the steps given in the link Remote desktop connection "The local policy of this system does not permit you to logon interactively" http://support.microsoft.com/kb/289289
2 From a command window: go to the <InstallDir\Protect\bin> directory where the sslkeytool utility is stored.
3 Create a directory in which you will store the new detection server certificate files. For example: