The PGP Encryption Server (Symantec Encryption Management Server) at the core is a keyserver and will manage all the public and private keys for an organization. The Organization Key is used to sign all user keys and to encrypt server backups. As such, keys that reside on the server can be exported, including the Organization Key Pair.
This article details how to backup the Organization Key for the PGP Server.
As all backups are encrypted with the Organization Key, it is extremely important to back up the Organization Key. If the Organization Key is not backed it up, it is not possible to restore from backups encrypted to the Organization Key.
Important Note: Make special care to protect the organization key when exporting. Do not allow the Org Key to be exported without a passphrase unless absolutely necessary, and if this is done, protect it so that it does not end up in unauthorized hands.
Each PGP Encryption Server is pre-configured with a unique Organization Key generated by the Setup Assistant. If different settings for this key is needed, the Organization Key can be re-generated based on new settings, however this should only be done prior to live deployment of the server or creation of user keys by the server.
The Organization Key automatically renews itself one day before its expiration date including all of the same settings.
The Organization Key can be backed up during the initial installation of the server or by exporting the key from the PGP Encryption Server interface.
To backup your Organization Key: