Symantec Encryption Management Server includes over one hundred certificates from well known Certificate Authorities. These are shown in the administration console under Keys / Trusted Keys.

The User ID field for many of these certificates is identical. For example, there are over 10 trusted certificates with a User ID of VeriSign. This can make it difficult to determine whether a certificate that an administrator wishes to add to Trusted Keys is already present.

The User ID field shows the Organization (O) attribute from the Subject field of the certificate.

For example, a trusted certificate with a User ID of Thawte has the following attributes in its Subject field:

CN = Thawte Timestamping CA
OU = Thawte Certification
O = Thawte
L = Durbanville
S = Western Cape
C = ZA

To identify a trusted certificate, click on its User ID and make a note of its Fingerprint. This is unique for each certificate and is displayed in upper case. In Microsoft Windows, double click on the certificate to view its properties and under the Details tab note its Thumbprint which is displayed in lower case. If Fingerprint and Thumbprint are identical (ignoring the case of the characters) then the certificates are identical.

Note that if an administrator adds a certificate to Trusted Keys that is already present, the existing certificate will be replaced; a duplicate User ID will not be created.

• Trust key for verifiying mail encryption keys
• Trust key for verifying SSL/TLS certificates
• Trust key for verifying keyserver client certificates
   

The default trust for certificates is "Mail, TLS"  Upon import and checking all the boxes above, the certificate will show up as "Full", which will be easy to distinguish as the new cert just imported.  Using the Thumbprint, however, is the only way to know for sure if the actual certificate was imported.