Missing PGPtrustedcerts.asc file in the PGP Encryption Desktop Client Installer (String too long) - Trusted Keys Duplicated
search cancel

Missing PGPtrustedcerts.asc file in the PGP Encryption Desktop Client Installer (String too long) - Trusted Keys Duplicated

book

Article ID: 172547

calendar_today

Updated On:

Products

Encryption Management Server Desktop Email Encryption Drive Encryption Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

When you download a customized PGP Encryption Desktop client from the PGP Encryption Server, an error may be logged to the Administration log and the PGPtrustedcerts.asc file is not included in the *.msi installation file.

Download the PGP Encryption Desktop client by doing the following:

  1. Open the Consumers / Groups page from the administration console.
  2. Click on the Download Client button at the bottom of the page.
  3. From the Download page, select the Platform (Windows 32-bit or Windows 64-bit) and Language.
  4. Enable the Customize option.
  5. If necessary, modify the Symantec Encryption Server name. This name should be the FQDN that the PGP Encryption Desktop clients connect to. For example, keys.example.com.
  6. Click on the Download button.

After the download completes, an error may appear in the Administration log. If the error appears, the PGPtrustedcerts.asc file will not be included in the installation file.

An error similar to the following may appear in the Administration log on the Reporting / Logs page of the administration console. In this example, 54,321 represents any number greater than 30,000:
String too long (string is 54321 limit is 30000)

 

Cause

The PGP Encryption Server administrators can import Root and Intermediate certificates from the Keys / Trusted Keys page of the administration console. All such imported certificates are included in the PGPtrustedcerts.asc file within the customized Encryption Desktop installer.

During the installation of Encryption Desktop, the PGPtrustedcerts.asc file is saved to the folder %ProgramData%\PGP Corporation\PGP.

If the combined Root and Intermediate certificates comprise over 30,000 characters, the String too long error is generated and the PGPtrustedcerts.asc file is not included in the MSI file.

This issue can occur after an upgrade of the PGP Server.  Check the Trusted Keys list to see if there are any duplicates, this can add to the list.  

 

Resolution

In order to resolve avoid the String too long error, or if you click "Customize" and the client will not download, please contact Symantec Technical Support.

There is a fix that Encryption Support can assist with to allow you to download the client properly.

Starting with PGP Server 10.5.1 MP2, this issue will no longer be observed.  If you still see this issue even after upgrading to 10.5.1 MP2, please contact Symantec Encryption Support for further guidance. 

Additional Information

EPG-28079 - Duplicate Trusted Keys or problematic Trusted Keys may be seen upgrading *to* PGP 10.5.0 MP3 through PGP Server 10.5.1 MP1.

Upgrading from PGP 10.5.1 MP1 to any newer version will not see this issue. 
Reach out to Symantec Encryption Support if you see this issue and mention this ticket ID to resolve the problematic Trusted Keys.

EPG-28079/EPG-28828

Etrack: 2473680


For other information relate to certificate pop-ups, see the following articles for assistance and contact Symantec Enterprise support if needed:

180143 - HOW TO: Work with Trusted Keys and Certificates on Symantec Encryption Management Server (PGP Server)

270245 - Certificate Warning after upgrading to PGP Server 10.5.1 MP2 or above stating the certificate is untrusted

172547 - Missing PGPtrustedcerts.asc file in Encryption Desktop client installer (String too long)

153347 - Authentication certificate not valid pop-up displayed when connecting to Encryption Management Server

157432 - PGP Desktop prompts user that the server certificate is not valid (Symantec Encryption Desktop)