Prevent Symantec Encryption Management Server from harvesting certificates from Active Directory and associating with users

Article ID: 157157

Products

Encryption Management Server, Gateway Email Encryption

Issue/Introduction

By default, Symantec Encryption Management Server looks at the UserCertificateBinary attribute in LDAP for certificates associated with the user. These certificates are used for S/MIME encryption as well as Certificate Enrollment. If this functionality is not needed, or is causing problems such as multiple (unused) certificates being harvested from Active Directory, the behavior can be disabled. Once it is disabled, user certificates from Active Directory will no longer be harvested and associated with user accounts on Symantec Encryption Management Server.

Resolution

Symantec Encryption Management Server does not have an option to toggle this setting in the UI. To disable this functionality, contact Symantec Encryption Support, who can help modify the setting in the back-end configuration.