The PGP Encryption Server Administrator's Guide states that the Organization Key automatically renews itself one day before its expiration date.

However, while the PGP Encryption Server (Symantec Encryption Management Server) renews other managed keys one day before their expiration dates, it renews the Organization Key 31 days before its expiration date.

Symantec Encryption Management Server release 10.5.0 and above.

By default, its expiration date will be updated to one year after the date it was renewed. Only the expiration date is modified, all other attributes remain the same.

Note that the Organization Certificate, if present, does not get renewed automatically. Once the Organization Key has been renewed, delete the Organization Certificate and create a new one. The new Organization Certificate will have the same expiration date as the renewed Organization Key.

For PGP Encryption Server 10.5, it renews the Organization Key 31 days before its expiration date.

For the PGP Encryption Server 3.4.2 and older, the Organization Key automatically renewed itself one day before its expiration date. It renews with all the same settings.

If the Organization Key has not been renewed automatically 31 days prior to expiry, please contact Symantec Encryption Support.

Note: If an Ignition Key passphrase is forgotten, the Organization Key can be used to unlock the PGP server.  Make sure you backup your keypair of the Organization Key and also know the passphrase. 

EPG-22725
EPG-25053