Encryption Management Server presents an incorrect certificate for secure key lookup connections


Article ID: 169798


Updated On:


Encryption Management Server


Encryption Management Server allows remote hosts to search for public keys over LDAP (port 389) and secure LDAP (LDAPS port 636).

After the SSL certificate assigned to the LDAPS interface is replaced, remote Encryption Management Servers cannot connect over secure LDAP.


After the certificate is replaced, the stunnel service is not automatically restarted.


  • Encryption Management Server 3.4 and above.
  • Keyserver service enabled.
  • Secure LDAP enabled.


Manually restart the stunnel service:

  1. Connect to the server using SSH or PuTTY.
  2. Restart the stunnel service:
# pgpsysconf --restart stunnel
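
To confirm which certificate the LDAPS listener presents before and after the restart, the following added example (not part of the original article or the product) fetches the certificate from port 636 and compares its SHA-256 fingerprint with the newly assigned certificate and, optionally, the replaced one. The script name, the file arguments and the result labels are assumptions, and each PEM file is assumed to hold a single certificate.

```python
import hashlib
import ssl
import sys
from typing import Optional


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of a PEM file holding one certificate (assumed)."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def classify(served_pem: str, new_pem: str, old_pem: Optional[str] = None) -> str:
    """Label the certificate a listener presents (labels are this example's own)."""
    served = fingerprint(served_pem)
    if served == fingerprint(new_pem):
        return "current"
    if old_pem is not None and served == fingerprint(old_pem):
        return "stale"  # the replaced certificate is still being served
    return "unexpected"  # matches neither file: check the files and the target host


def fetch_served_pem(host: str, port: int = 636) -> str:
    # No ca_certs is passed, so the certificate is not validated: the point is to
    # see exactly what the listener presents, trusted or not.
    return ssl.get_server_certificate((host, port))


def read_text(path: str) -> str:
    with open(path, encoding="ascii") as handle:
        return handle.read()


def main(argv: list) -> int:
    if len(argv) not in (3, 4):
        print("usage: check_ldaps_cert.py HOST NEW_CERT.pem [OLD_CERT.pem]")
        return 2
    new_pem = read_text(argv[2])
    old_pem = read_text(argv[3]) if len(argv) == 4 else None
    served_pem = fetch_served_pem(argv[1])
    result = classify(served_pem, new_pem, old_pem)
    print(f"{argv[1]}:636 presents {fingerprint(served_pem)} -> {result}")
    return 0 if result == "current" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A result of stale after the certificate has been replaced matches the condition described in this article; run the check again after restarting stunnel and expect current.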

For assistance, please contact Symantec Support.