SMTP TLS errors occur after replacing an Encryption Management Server TLS certificate

Article ID: 211271

Products

Encryption Management Server, Encryption Management Server Powered by PGP Technology, Gateway Email Encryption, Gateway Email Encryption Powered by PGP Technology

Issue/Introduction

After installing a new TLS certificate on a network interface of Encryption Management Server and deleting the old certificate, errors and warnings like these appear in the Mail log:

SMTP-12345: SMTP service on 10.1.2.3:25 will not use TLS because there is no usable authentication key
SMTP-12345: Couldn't re-read TLS key: item not found

Cause

The Encryption Management Server mail proxy service does not restart automatically after TLS certificate changes.

Environment

Symantec Encryption Management Server 3.4.2 and above.

Resolution

Restart services. From the administration console:

  1. Navigate to System / General Settings.
  2. Click on the Restart Services button.

Alternatively, if you do not want to restart all services and have SSH access to the server, you can restart just the mail proxy service by running this command:

pgpsysconf --restart pgpuniversal

Note that by default, the mail proxy service is set to attempt TLS but not require it.
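
Because TLS is attempted but not required by default, the two log messages above are the main sign that a listener has stopped using TLS. The following is an added example, not part of the original article or the product's tooling: a shell sketch that scans mail log text supplied on stdin for those messages. The function names are hypothetical, the `SMTP-<digits>:` prefix is assumed to vary, the article does not give the log file location so none is hard-coded, and the sample lines (including 10.1.2.4) are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): flag SMTP listeners that logged
# "will not use TLS" and count failed TLS key re-reads.
# Log text is read from stdin; the log file path is not assumed.

# Prints one "address:port count" line per affected listener, sorted.
tls_disabled_listeners() {
    awk '
        /SMTP service on [^ ]+ will not use TLS/ {
            # The listener is the field that follows "service on".
            for (i = 2; i < NF; i++)
                if ($i == "on" && $(i-1) == "service") { hits[$(i+1)]++; break }
        }
        END { for (l in hits) print l, hits[l] }
    ' | sort
}

# Prints how many times the key re-read failed (0 when none).
tls_key_reread_failures() {
    grep -c "Couldn't re-read TLS key" || true
}

# Constructed sample input modelled on the messages quoted in the article.
sample_log() {
    cat <<'EOF'
SMTP-12345: SMTP service on 10.1.2.3:25 will not use TLS because there is no usable authentication key
SMTP-12345: Couldn't re-read TLS key: item not found
SMTP-12346: SMTP service on 10.1.2.3:25 will not use TLS because there is no usable authentication key
SMTP-12347: SMTP service on 10.1.2.4:25 will not use TLS because there is no usable authentication key
EOF
}

# Demo on the constructed sample.
sample_log | tls_disabled_listeners
```

Any output from `tls_disabled_listeners` after a certificate change means the restart described in the Resolution section is still needed for that listener.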