When viewing the Organization Keys on the Organization tab, you receive the following message:
Organization Certificate Expired -or- Organization Certificate is about to expire.
This means the organization certificate has expired or is about to expire. Please remove, replace, or regenerate it as soon as possible.
An Organization Certificate is required for S/MIME support. You can only have one Organization Certificate attached to your Organization Key. You will not be able to restore from a backup with more than one Organization Certificate associated with your Organization Key.
The Organization Key will automatically renew itself one day before its expiration date. However, the Organization Certificate must be regenerated manually.
Note: A self-signed Organization Certificate will have the same expiration date as the Organization Key, unless the Organization Key is set never to expire. If the Organization Key will never expire, the Organization Certificate will expire 10 years from the date you generate it.
You must regenerate the Organization Certificate before it expires and distribute the new Certificate to anyone who uses your old Organization Certificate as a trusted root CA.
The Symantec Encryption Management Server (SEMS) will automatically generate certificates as well as keys for new internal users created after you import or generate an Organization Certificate. All internal users will receive a certificate added to their keys within 12 hours. However, the old Organization Certificate will remain on users keys until the certificate expires.
When a Organization Certificate expires, you have several options to resolve the issue:
To enable S/MIME support, the certificate of the issuing Root CA, and all other certificates in the chain between the Root CA and the Organization Certificate, must be on the list of trusted keys and certificates on the Trusted Keys and Certificates card. If that is not the case, please import them.
To generate a Self-signed certificate or a Certificate Signing Request:
To create a Certificate Signing Request (CSR):
To import a certificate:
The Organization Certificate you imported appears in the Organization Certificate row.
Applies To
Symantec Encryption Management Server (formerly known as PGP Universal Server)