
v14.3 [May 7, 2020]
Fixed the following issues when Symantec Endpoint Protection Manager uses public CA-signed certificates as a result of adding Transport Layer Security (TLS) host name validation in 14.3 RU8:
The Symantec Endpoint Protection Manager installation and upgrade require that the management server name also match one or more of the Subject Alternative Names (SANs) that are listed in the server certificate. In addition, the server name must be a valid host name, fully qualified domain name (FQDN), or IP address. If the server name and the SAN do not match, you must rename the server before you can continue.
See: Troubleshooting when the Symantec Endpoint Protection Manager blocks you from logging on or upgrading when the server name does not match the server certificate (14.3 RU9 or later)
If Symantec Endpoint Protection Manager detects that the replication partner host name or IP address does not match one or more of the SANs for Symantec Endpoint Protection Manager, Symantec Endpoint Protection Manager allows the upgrade. After the upgrade, you can reenable verification for increased security.
To access this option, right-click the replication partner site, click Edit Replication Partner Properties, and clear the Disable verification of the partner server hostname option.
To fix this issue, see: Symantec Endpoint Protection Manager detected that the configured replication partner requires certificate verification to be disabled (14.3 RU9 or later)
When you log on to the Symantec Endpoint Protection Manager, you may see the following message about server certificates:
The server certificate could not be validated.
This message appeared in earlier releases, but now provides additional information about why you see the error, including: You changed the computer hostname or IP address, or updated the server certificate recently. You need to use a valid hostname or IP address that matches your server certificate to log on to the Symantec Endpoint Protection Manager.
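
As an added illustration (not Symantec code), the following Python sketch checks a candidate management server name against a certificate's SAN entries before an upgrade, which is the condition the installation requirement above describes. It assumes the SAN line is in the format printed by `openssl x509 -noout -ext subjectAltName` and that matching follows common TLS rules (case-insensitive, wildcard only for the whole left-most label); the page does not describe the product's exact matching rules, and all names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample: a SAN line in the format printed by
# `openssl x509 -noout -ext subjectAltName` (not from a real server).
SAMPLE_SAN = "DNS:sepm01.corp.example, DNS:*.mgmt.example, IP Address:192.0.2.10"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def parse_san(text):
    """Split an openssl-style SAN line into DNS names and IP addresses."""
    dns, ips = [], []
    for item in (p.strip() for p in text.split(",")):
        kind, _, value = item.partition(":")
        if kind == "DNS":
            dns.append(value.lower().rstrip("."))
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def classify(name):
    """Return ('ip', addr), ('dns', host) or ('invalid', None)."""
    try:
        return "ip", ipaddress.ip_address(name)
    except ValueError:
        pass
    host = name.lower().rstrip(".")
    if host and len(host) <= 253 and all(LABEL.match(l) for l in host.split(".")):
        return "dns", host
    return "invalid", None

def dns_matches(pattern, host):
    """Exact match, or a '*' standing for the whole left-most label only."""
    if pattern.startswith("*."):
        p, h = pattern.split("."), host.split(".")
        return len(p) == len(h) and len(h) > 2 and p[1:] == h[1:]
    return pattern == host

def check_server_name(name, san_text):
    """Return (ok, reason) for a management server name against a SAN line."""
    dns, ips = parse_san(san_text)
    kind, value = classify(name)
    if kind == "invalid":
        return False, "not a valid host name, FQDN or IP address"
    if kind == "ip":
        ok = value in ips  # IP SANs are compared by value, never by wildcard
    else:
        ok = any(dns_matches(p, value) for p in dns)
    return ok, "matches a SAN" if ok else "no SAN matches; rename the server first"
```
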