The PGP Encryption Server (Symantec Encryption Management Server) can look up keys on remote PGP Encryption Servers over a secure LDAPS connection.
Remote key servers are added on the Keys / Keyservers page of the administration console. The key server needs to be referenced within a rule in the Mail / Mail Policy page of the administration console.
Sometimes the LDAPS connection to the remote key server fails.
The Mail log may contain an entry like this:
2019/08/30 11:23:20 +00:00 INFO pgp/messaging[20843]: SMTP-00001: key search <[email protected]> [keyserver.example.com]: Could not get recipient encryption key: server open failed
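To see which key servers are affected and since when, entries of this form can be grouped per key server. The following Python script is an added example, not part of the original article or the product; the function names are hypothetical, and the field layout is inferred from the single entry shown above.

```python
import re

# First line is the entry shown in the article; the other two are constructed samples.
SAMPLE_LOG = """\
2019/08/30 11:23:20 +00:00 INFO pgp/messaging[20843]: SMTP-00001: key search <[email protected]> [keyserver.example.com]: Could not get recipient encryption key: server open failed
2019/08/30 11:25:02 +00:00 INFO pgp/messaging[20843]: SMTP-00002: key search <bob@example.com> [keyserver.example.com]: Could not get recipient encryption key: server open failed
2019/08/30 11:26:40 +00:00 INFO pgp/messaging[20843]: SMTP-00003: key search <carol@example.net> [keys.example.net]: constructed-unrelated-result
"""

# Layout assumed from the article's entry: timestamp, level, process[pid],
# message id, recipient in <>, key server in [], then the result text.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{2}:\d{2}) "
    r"(?P<level>\w+) (?P<proc>[\w/]+)\[(?P<pid>\d+)\]: "
    r"(?P<msg_id>[\w-]+): key search <(?P<recipient>[^>]*)> "
    r"\[(?P<keyserver>[^\]]+)\]: (?P<result>.*)$"
)


def parse_key_search(line):
    """Return the fields of a key-search entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None


def summarize_open_failures(log_text):
    """Group 'server open failed' entries by the key server that was contacted."""
    summary = {}
    for line in log_text.splitlines():
        entry = parse_key_search(line)
        if entry is None or not entry["result"].endswith("server open failed"):
            continue
        s = summary.setdefault(
            entry["keyserver"],
            {"count": 0, "first": entry["ts"], "recipients": []},
        )
        s["count"] += 1
        s["last"] = entry["ts"]  # log is chronological, so the latest entry wins
        s["recipients"].append(entry["recipient"])
    return summary


if __name__ == "__main__":
    for host, s in summarize_open_failures(SAMPLE_LOG).items():
        print(f"{host}: {s['count']} failures, {s['first']} to {s['last']}")
```

The first and last timestamps per key server give a window to compare against certificate, firewall or configuration changes on either side of the connection.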
Because LDAPS is a secure connection to a remote key server, creating a successful LDAPS connection involves satisfying a number of requirements.
For ease of reference, the PGP Encryption Server that is making the LDAPS connection is referred to below as the LDAPS client and the remote PGP Server that is hosting the LDAPS service is referred to as the LDAPS server.
Ensure that the following recommendations are met.
For more information on troubleshooting keyserver lookups, see the following article: