Invisible Silent Enrollment failing due to expired Organization Certificate

book

Article ID: 156815

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption

Issue/Introduction

Invisible Silent Enrollment failing due to expired Organization Certificate

Cause

Invisible Silent Enrollment uses a file called orgkey.asc as part of the validation/authentication process in order to invisibly enroll a user.  When the Org Key is downloaded from the PGP Universal Server, it contains the Organization Certificate.  If any keys are expired, this can cause Invisible Silent Enrollment to fail.

Resolution

You have one of two options provided to you in order to resolve the issue:

Choose Option A or B (depending on the scenario)

Option A. Delete the Org Cert (not the Org Key), and re-download the PGP Desktop client.  The orgkey.asc file will be included in the download as this file is not a dynamic file and will not be updated automatically.

Note: If s/mime encryption is not being used, this is a viable option as the Org Cert is only used for s/mime encryption.

Option B: Create a new Org Cert and re-download the PGP Desktop client and deploy this client to systems instead.

Next steps (after choosing Option A or B):

1. Download the Org Key public portion from PGP Universal Server and rename it to orgkey.asc and place this file in the appropriate directory for Invisible Silent Enrollment:

%allusersprofile%\PGP Corporation\PGP

2. Exit PGP Services

3. Delete the PGPpref.xml and PGPpolicy.xml files from %appdata%\PGP Corporation\PGP

The next time the user logs in, Invisible Silent Enrollment will complete successfully.


Applies To

PGP Desktop

Symantec Encryption Desktop (previously PGP Desktop)