search cancel

Third parties cannot perform key searches on Encryption Management Server over LDAPS

book

Article ID: 173178

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

Third parties can perform key searches on your Symantec Encryption Management Server over LDAP. However, they cannot perform key searches over LDAPS even though inbound connections over LDAPS (port 636) are permitted by your organization's firewall.

Cause

The TLS certificate bound to the Encryption Management Server LDAPS interface is not trusted by the third party.

Environment

Encryption Management Server release 3.3.2 MP13 and above.

Resolution

Please ensure that the following requirements are met:

  1. Third parties need to trust the TLS certificate used by LDAPS. For maximum compatibility this will need to be a certificate issued by a well-known Certificate Authority.
  2. The complete chain of public issuing certificates for the TLS certificate must be imported into Encryption Management Server. Import the public issuing certificates from the Keys / Trusted Keys page of the Encryption Management Server admin console.
  3. If the above requirements are met and third parties still cannot perform key searches over LDAPS, ensure that you are using Encryption Management Server 3.4.2 MP3 or above because this release resolves an issue concerning Trusted Keys.