Encryption Management Server presents an incorrect certificate for secure key lookup connections

Article ID: 169798

Products

Encryption Management Server

Issue/Introduction

Encryption Management Server allows remote hosts to search for public keys over LDAP (port 389) and secure LDAP (LDAPS, port 636).

After the SSL certificate assigned to the LDAPS interface is replaced, remote Encryption Management Servers cannot connect over secure LDAP.

Cause

After the certificate is replaced, the stunnel service is not automatically restarted.

Environment

  • Encryption Management Server 3.4 and above.
  • Keyserver service enabled.
  • Secure LDAP enabled.

Resolution

Manually restart the stunnel service:

  1. Connect to the server over SSH (for example, using PuTTY).
  2. Restart the stunnel service:
     # pgpsysconf --restart stunnel
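
To confirm that the restart took effect, the following added example (not part of the original article and not Symantec tooling) compares the SHA-256 fingerprint of the certificate served on the LDAPS port with the replacement certificate file. It assumes openssl is available on the host you run it from; the script name, host name and PEM path are placeholders you supply.

```shell
#!/bin/sh
# Added example: confirm the LDAPS listener serves the replacement certificate.
# Assumptions: openssl is installed; host, port and PEM path are supplied by you.

# Reduce "sha256 Fingerprint=AA:BB:..." (either case) to bare lowercase hex.
normalize_fp() {
    printf '%s\n' "$1" | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of the certificate stored in a PEM file.
file_fp() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# SHA-256 fingerprint of the leaf certificate presented on host:port.
served_fp() {
    fp_out=$(openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256) || return 1
    normalize_fp "$fp_out"
}

# Compare two fingerprints; prints a verdict and returns 0 only on a match.
# An empty fingerprint (connection or parse failure) never counts as a match.
compare_fp() {
    fp_a=$(normalize_fp "$1")
    fp_b=$(normalize_fp "$2")
    if [ -n "$fp_a" ] && [ "$fp_a" = "$fp_b" ]; then
        echo "MATCH: listener serves the expected certificate"
    else
        echo "MISMATCH: served=${fp_a:-none} expected=${fp_b:-none}"
        return 1
    fi
}

# Usage: check_ldaps_cert.sh <host> <new-cert.pem> [port]   (port defaults to 636)
if [ "$#" -ge 2 ]; then
    compare_fp "$(served_fp "$1" "${3:-636}")" "$(file_fp "$2")"
fi
```

A MISMATCH result after the certificate has been replaced indicates the listener has not picked up the new certificate and stunnel still needs to be restarted.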

For assistance, please contact Symantec Support.