Third parties can perform key searches on your Symantec Encryption Management Server over LDAP. However, they cannot perform key searches over LDAPS even though inbound connections over LDAPS (port 636) are permitted by your organization's firewall.

Encryption Management Server release 3.3.2 MP13 and above.

The TLS certificate bound to the Encryption Management Server LDAPS interface is not trusted by the third party.

Please ensure that the following requirements are met:

1. Third parties need to trust the TLS certificate used by LDAPS. For maximum compatibility this will need to be a certificate issued by a well-known Certificate Authority.
2. The complete chain of public issuing certificates for the TLS certificate must be imported into Encryption Management Server. Import the public issuing certificates from the Keys / Trusted Keys page of the Encryption Management Server admin console.
3. If the above requirements are met and third parties still cannot perform key searches over LDAPS, ensure that you are using Encryption Management Server 3.4.2 MP3 or above because this release resolves an issue concerning Trusted Keys.