SMTP TLS errors occur after replacing an Encryption Management Server TLS certificate


Article ID: 211271


Updated On:


Encryption Management Server, Encryption Management Server Powered by PGP Technology, Gateway Email Encryption, Gateway Email Encryption Powered by PGP Technology


After installing a new TLS certificate on a network interface of Encryption Management Server and deleting the old certificate, errors and warnings like these are generated in the Mail log:

SMTP-12345: SMTP service on will not use TLS because there is no usable authentication key
SMTP-12345: Couldn't re-read TLS key: item not found


The Encryption Management Server mail proxy service does not restart automatically after TLS certificate changes.


Symantec Encryption Management Server 3.4.2 and above.


Restart services. From the administration console:

  1. Navigate to System / General Settings.
  2. Click on the Restart Services button.

Alternatively, if you do not want to restart all services and have SSH access to the server, you can restart just the mail proxy service by running this command:

pgpsysconf --restart pgpuniversal

Note that by default, the mail proxy service is set to attempt TLS but not require it.
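
One way to confirm after the restart that the SMTP listener advertises STARTTLS again and serves the newly installed certificate. This is an added example, not part of the original article or of the product's tooling; the function name, the EHLO name and the host, port and fingerprint arguments are assumptions supplied by whoever runs it.

```python
import hashlib
import smtplib
import ssl
import sys


def check_smtp_tls(host, expected_sha256, port=25, timeout=10):
    """Return (status, detail) for the SMTP listener at host:port.

    "no-starttls": STARTTLS is not advertised (the state the log
                   messages in the article describe)
    "wrong-cert":  TLS works, but a different certificate is served
    "ok":          TLS works and the expected certificate is served
    """
    # Chain validation is skipped on purpose: identity is checked by
    # comparing the served certificate's SHA-256 fingerprint with the
    # fingerprint of the certificate the administrator just installed.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    want = expected_sha256.replace(":", "").lower()
    # Constructed EHLO name; setting it avoids a DNS lookup for the
    # local host name.
    with smtplib.SMTP(host, port, local_hostname="tlscheck.invalid",
                      timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "no-starttls", "STARTTLS not advertised in EHLO reply"
        smtp.starttls(context=ctx)
        der = smtp.sock.getpeercert(binary_form=True)

    got = hashlib.sha256(der).hexdigest()
    if got != want:
        return "wrong-cert", got
    return "ok", got


if __name__ == "__main__":
    # Usage: python check_smtp_tls.py <host> <sha256-fingerprint> [port]
    target, fingerprint = sys.argv[1], sys.argv[2]
    tcp_port = int(sys.argv[3]) if len(sys.argv) > 3 else 25
    status, detail = check_smtp_tls(target, fingerprint, tcp_port)
    print(status, detail)
    sys.exit(0 if status == "ok" else 1)
```

The expected fingerprint can be taken from the new certificate file with `openssl x509 -noout -fingerprint -sha256 -in <certificate file>`; colons in the value are accepted.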