Generate Organization Certificate using Internal Certificate Authority


Article ID: 157463


Updated On:


Encryption Management Server


When the Organization Certificate on Symantec Encryption Management Server is about to expire you have to obtain new certificate.


  1. Login to PGP Universal Server.
  2. Click on Keys >> Organization Keys.
  3. Click on "+" sign under Organization Certificate (Second option).
  4. Click on Generate CSR.
  5. Copy the content of the CSR.
  6. On Certificate Authority Server
    1. On certificate authority server, browse to http://localhost/certsrv.
    2. Click on Request a Certificate.
    3. Click on Advanced Certificate Request.
    4. Submit a certificate request by using base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file.
    5. Paste the CSR content under Saved Request.
    6. Select the template as Subordinate Certificate Authority.
  7. Download the certificate with the option "base 64 encoded format".
  8. Open the certificate file in notepad and copy the certificate block.
  9. On the PGP Universal Server.
    1. Go to Keys >> Organization keys.
    2. Click on Organization Certificate and paste the certificate block
  10. Click on Save on the Organization Key page.

Applies To

PGP Universal Server 3.2.x

Symantec Encryption Management Server 3.3.x