If you have a proxy server in your environment and you try to enroll the Symantec Protection Engine scanner with the centralized cloud console, you may encounter the following issues:
Scanner enrollment fails.
Scanner enrollment succeeds but the CAF service stops functioning.
Scanner enrollment succeeds but the centralized cloud console does not receive events.
Certificate pinning does not work correctly when communication between CAF (Common Agent Framework) and the centralized cloud console (CWP Server) passes through a proxy. The certificate chain sent by the server is not received intact across the proxy: either the proxy modifies the chain or it sends its own certificate.
To resolve this issue, you must disable certificate pinning.
Take a backup of the CAFStorage.ini file and delete it.
Windows: C:\Program Files\Symantec\Common Agent Framework\CAFStorage.ini
Linux: /opt/Symantec/cafagent/bin/CAFStorage.ini
Note: Skip steps 1 and 2 if the scanner is not enrolled yet.
Open CAFConfig.ini in a text editor.
Windows: C:\Program Files\Symantec\Common Agent Framework\CAFConfig.ini
Linux: /etc/caf/CAFConfig.ini
Remove the following two lines:
[ssl-config]
Https_CertFilePath=certs
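The CAFConfig.ini edit above can be scripted so that it is repeatable across scanners; the following is an added example, not Symantec's own tooling. It assumes `;` and `#` start comment lines, copies CAFConfig.ini to a `.bak` file first (a precaution of this example), and keeps the `[ssl-config]` header if other keys remain under it; the sample keys other than the two lines from the article are constructed.

```python
import shutil
from pathlib import Path

SECTION = "[ssl-config]"
KEY = "https_certfilepath"  # compared case-insensitively
# Constructed sample; only the [ssl-config] lines come from the article.
SAMPLE = ("[general]\nLogLevel=info\n[ssl-config]\n"
          "Https_CertFilePath=certs\n[proxy]\nHost=proxy.example.internal\n")


def strip_pinning(text):
    """Return the config text without the Https_CertFilePath key.

    The [ssl-config] header goes too, unless other keys remain under it
    (dropping it then would move those keys into the preceding section).
    """
    lines = text.splitlines(keepends=True)
    out, i = [], 0
    while i < len(lines):
        if lines[i].strip().lower() != SECTION:
            out.append(lines[i])
            i += 1
            continue
        # Collect the section body up to the next header or end of file.
        j = i + 1
        while j < len(lines) and not lines[j].lstrip().startswith("["):
            j += 1
        body = [l for l in lines[i + 1:j]
                if l.split("=", 1)[0].strip().lower() != KEY]
        has_other_keys = any(
            l.strip() and not l.lstrip().startswith((";", "#")) for l in body)
        if has_other_keys:
            out.append(lines[i])
        out.extend(body)
        i = j
    return "".join(out)


def disable_pinning(path):
    """Back up the file beside itself, rewrite it; True if it changed."""
    cfg = Path(path)
    original = cfg.read_text()
    updated = strip_pinning(original)
    if updated == original:
        return False  # nothing to remove, leave the file untouched
    shutil.copy2(cfg, cfg.with_name(cfg.name + ".bak"))
    cfg.write_text(updated)
    return True
```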