Adding a Root CA to PGP Universal Server

Products

Symantec Products

Issue/Introduction

PGP Universal Server ships with a default set of trusted Root and Intermediate CA certificates. Sometimes it is necessary to augment this set with additional Root or Intermediate CAs. For example, if your Web Server SSL certificate chains back to a Root CA that is not in the default set trusted by PGP Universal Server, you will want to add this CA to the set of PGP Universal Server certificates.

This article details the procedure for adding an additional CA certificate to the set of certificates that are trusted by PGP Universal Server.

Resolution

To add a new trusted CA certificate to PGP Universal Server:

1. Log on to the PGP Universal Server Administrative Console as either a full administrator or superuser aministrator.

2. Select Keys > Trusted Keys.

3. Scroll to the bottom of the page, and click Add Trusted Key.

4. Do one of the following:

· To import a trusted certificate saved in a file, click Browse and choose the file on your system that contains the certificate you want to add.

· To import a trusted certificate in block format, paste the block text into the Import Key Block box (you need to copy the certificate block text first to paste it).

Your certificate can be in .cer, .crt, .pem, or .p7b format. Binary formats cannot be pasted in as a key block and must be imported from a file.

5. Select the appropriate box corresponding to the reason the certificate is to be trusted by PGP Universal Server.

For example, if this CA certificate issues SSL/TLS certificates, check the Trust key for verifying SSL/TLS certificates box.

6. Click Save.

The CA certificate is now added to PGP Universal Server. You can now proceed to add other Root and Intermediate CA certificates if needed.