Encryption Management Server allows remote hosts to search for public keys over LDAP (port 389) and secure LDAP (LDAPS port 636).
After the SSL certificate assigned to the LDAPS interface is replaced, remote Encryption Management Servers cannot connect over secure LDAP.
After the certificate is replaced, the stunnel service is not automatically restarted.
Manually restart the stunnel service:
# pgpsysconf --restart stunnel
For assistance, please contact Symantec Support.