BUG REPORT: Users with imported certificate fail to send secure message through SEMS gateway

book

Article ID: 159193

calendar_today

Updated On:

Products

Encryption Management Server

Issue/Introduction

When using Symantec Encryption Management Server (Formerly PGP Universal Server) in gateway placement and sending email through it using user account with exported x509 certificate, the emails are not encrypted. When issue occur you have following error in the log

YYYY/MM/DD HH:MM:SS +02:00  ERROR  pgp/messaging[0000]:       SMTP-00000: Failed to add X509 certificate to key: "testuser01 <[email protected]>" (KeyID: 0x1234ABCD)
YYYY/MM/DD HH:MM:SS +02:00  DEBUG  pgp/messaging[0000]:       SMTP-00000: sUpdateInternalUserMAKIfPossible: bad parameters
YYYY/MM/DD HH:MM:SS +02:00  ERROR  pgp/messaging[0000]:       SMTP-00000: error handling SMTP DATA event: bad parameters
YYYY/MM/DD HH:MM:SS +02:00  DEBUG  pgp/messaging[0000]:       SMTP-00000: exception location:
YYYY/MM/DD HH:MM:SS +02:00  DEBUG  pgp/messaging[0000]:       SMTP-00000: SMTP Data ProtocolEvent returning with error -12000 (bad parameters)
YYYY/MM/DD HH:MM:SS +02:00  DEBUG  pgp/messaging[0000]:       SMTP-00000: pgpproxy: Finishing transaction. "451 Symantec Encryption Server: Error while processing (SMTP-00000)"

Resolution

Symantec Corporation is committed to product quality and satisfied customers. This issue is currently being considered by Symantec Corporation to be addressed in a forthcoming version or Maintenance Pack of the product.  Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.

The following is a known temporary workaround for the issue until the version/maintenance pack is released:
This issue can be temporarily resolved by removal of organization certificate from the server. Please add organization certificate to the list of trusted keys, as otherwise the certificates of already existing users may be removed after removal of organization certificate.


Applies To

Symantec Encryption Management Server 3.3.x

PGP Universal Server 3.2.x, 3.1.x, 3.0.x

PGP Lotus Protector for Mail Encryption 2.x