This article provides step-by-step instructions for adding, inspecting, and changing trusted keys and certificates in PGP Universal 2.5 and above.
HOW TO: Work with Trusted Keys and Certificates on PGP Universal Server
Trusted Keys and Certificates can be found under the Organization/Trusted Keys tabs. They are keys and certificates that you trust but are not part of the SMSA created by PGP Universal.
In those cases where your PGP Universal Server cannot find a public key for a particular user on any of the keyservers you have defined as trusted, it will also search the default directories. If it finds a key in one of the default directories, it will trust (and therefore be able to use) that key only if it has been signed by one of the keys in the trusted keys list.
PGP Universal can use S/MIME only if it has the root certificates from the CAs available to verify the client certificates. These CAs can be in your company or they can be an outside-managed CA.
To enable S/MIME support, the certificate of the issuing Root CA, and all other certificates in the chain between the Root CA and the Organization Certificate, are on the list of trusted keys and certificates on the Trusted Keys and Certificates card. PGP Universal Server comes with information on many public CAs already installed on the Trusted Keys and Certificates card. Only in-house CAs or new public CAs that issue user certificates need to be manually imported. You can inspect, export (save on your machine), or delete the root certificates at any time.
Trusted Certificates can be in any of the following formats: .cer, .crt, .pem and .p7b.
Inspecting and Changing Trusted Key Properties
Adding a Trusted Key or Certificate