PGP Display certificate alert when started on client machines

book

Article ID: 156975

calendar_today

Updated On:

Products

PGP Command Line

Issue/Introduction

When Symantec Encryption Desktop (formerly PGP Desktop) is started the certificate warning is displayed

Cause

If a trusted Certificate Authority certificate does not exist in the local certificate store you may receive this alert.

Resolution

Typically when this popup appears, you will want to examine the contents of the warning.  First, Certificates are valid for the following reasons:

*The FQDN listed on the TLS certificate matches the host the Symantec Encryption Desktop client is connecting to.

*The certificate is not expired.

*The certificate was issued by a trusted Certificate Authority.

*The certificate was not issued by a self-signed CA, such as generating a Self-Signed certificate on Symantec Encryption Management Server.

*The certificate that was issued by a trusted certificate authority has the root and intermediate certificate listed in Trusted Keys of the SEMS.  See article 180416 for information on how this should be done generally.

 

As long as the above conditions apply, this certificate warning should not appear.  Check to make sure the above conditions are met to make sure you do not receive this error domain wide.

If you do receive this certificate warning, please contact support so that we can assist you in troubleshooting what else may be happening.

 

Having the Root/Intermediate certificate in the local Microsoft certificate store is always recommended for best results.  If a trusted Certificate Authority certificate does not exist in the local certificate store you may receive this alert.  

 

If you do see this alert, it is not recommended to allow it, however, below are the definitions on what each selection means:

 
If you click “Allow” this certificate will be trusted for this session only and once the session is ended it will popup again.
If you click “Deny” this session certificate will be rejected and the session is not complete.
If you click “Always Allow for this site” this session will be initiated and the certificate is downloaded to the local store to be referred thereafter in all the coming sessions, so we do not get the PGP Alert message again.

Please consult with Symantec Encryption support when further troubleshooting is needed.

 

Applies To

PGP Universal Server

PGP Desktop Client

SSL Certificate