Encryption Management Server does not issue S/MIME certificates to existing GKM key mode users

Article ID: 187899

Products

Encryption Management Server Powered by PGP Technology, Encryption Desktop Powered by PGP Technology

Issue/Introduction

If you add an Organization Certificate to Encryption Management Server, it does not issue S/MIME certificates to existing internal users with GKM (Guarded Key Mode) keys. However, it does issue S/MIME certificates to existing internal users with SKM (Server Key Mode) keys.

Environment

Release: 3.3.2 MP13 and above.

Component: Encryption Management Server.

Cause

With GKM key mode, Encryption Management Server stores only a passphrase-protected copy of the user's key. Only the end user knows the key's passphrase, so Encryption Management Server cannot modify the key. With SKM key mode, Encryption Management Server manages the key.

Resolution

Please do the following to ensure that Encryption Management Server issues an S/MIME certificate to an existing GKM key mode user:
  1. Create an Organization Certificate on Encryption Management Server.
  2. Delete the GKM mode user from Encryption Management Server.
  3. Re-enroll the user. To re-enroll, quit or kill pgptray.exe, then delete or rename the folder "%appdata%\PGP Corporation". Do not delete or rename the folder Documents\PGP.
  4. Start pgptray and the user will be prompted to enroll. The user needs to respond that they have an existing key and they will be prompted for the key's passphrase.
  5. Encryption Management Server will create a user account for the user and Encryption Desktop will upload their key.
  6. Encryption Management Server will create an S/MIME certificate for the user.
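
The client-side part of step 3 can be scripted so that the folder is renamed rather than deleted and the reset is refused if Documents\PGP is not present. This is an added example, not code from the article or the vendor; it assumes it runs in the affected user's own session, that Documents\PGP is where that user's existing key is kept, and the `.bak-<timestamp>` backup name is a hypothetical choice.

```powershell
# Added example (not vendor code): client-side reset for step 3.
# Run as the affected user so that %appdata% and Documents resolve to their profile.
$ErrorActionPreference = 'Stop'

$appDataPgp = Join-Path $env:APPDATA 'PGP Corporation'
# Assumption: Documents\PGP from the article is under the user's (possibly redirected) Documents folder.
$docsPgp    = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'PGP'

# Step 4 needs the user's existing key, so refuse to reset enrollment
# if the folder that must be left alone is missing or empty.
if (-not (Test-Path -LiteralPath $docsPgp -PathType Container) -or
    -not (Get-ChildItem -LiteralPath $docsPgp -File -Force | Select-Object -First 1)) {
    throw "'$docsPgp' is missing or empty; not resetting enrollment."
}

# Quit pgptray.exe before touching its folder.
Get-Process -Name 'pgptray' -ErrorAction SilentlyContinue | Stop-Process -Force
Start-Sleep -Seconds 2
if (Get-Process -Name 'pgptray' -ErrorAction SilentlyContinue) {
    throw 'pgptray.exe is still running; stop it and run the script again.'
}

# Rename instead of delete so the previous state can be restored if enrollment fails.
if (Test-Path -LiteralPath $appDataPgp -PathType Container) {
    $backupName = 'PGP Corporation.bak-{0:yyyyMMdd-HHmmss}' -f (Get-Date)
    Rename-Item -LiteralPath $appDataPgp -NewName $backupName
    Write-Output "Renamed '$appDataPgp' to '$backupName'."
} else {
    Write-Output "'$appDataPgp' not found; nothing to rename."
}

Write-Output "'$docsPgp' was left untouched. Start pgptray to continue with step 4."
```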