ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Encryption Management Server does not issue S/MIME certificates to existing GKM key mode users
Article ID: 187899
Encryption Management Server Powered by PGP TechnologyEncryption Desktop Powered by PGP Technology
If you add an Organization Certificate to Encryption Management Server, it does not issue S/MIME certificates to existing internal users with GKM (Guarded Key Mode) keys. However, it does issue S/MIME certificates to existing internal users with SKM (Server Key Mode) keys.
With GKM key mode, Encryption Management Server only stores a passphrase protected copy of the user's key. Only the end user knows the key's passphrase and therefore Encryption Management Server cannot modify the key. With SKM key mode, Encryption Management Server manages the key.
Release : 3.3.2 MP13 and above.
Component : Encryption Management Server.
Please do the following to ensure that Encryption Management Server issues an S/MIME certificate to an existing GKM key mode user:
Create an Organization Certificate on Encryption Management Server.
Delete the GKM mode user from Encryption Management Server.
Re-enroll the user. To re-enroll, quit or kill pgptray.exe then delete or rename the folder "%appdata%\PGP Corporation". Do not delete or rename the folder Documents\PGP.
Start pgptray and the user will be prompted to enroll. The user needs to respond that they have an existing key and they will be prompted for the key's passphrase.
Encryption Management Server will create a user account for the user and Encryption Desktop will upload their key.
Encryption Management Server will create an S/MIME certificate for the user.