search cancel

The Encryption Management Server network interface used for replication must have a TLS certificate

book

Article ID: 214700

calendar_today

Updated On:

Products

Encryption Management Server Encryption Management Server Powered by PGP Technology Gateway Email Encryption Gateway Email Encryption Powered by PGP Technology

Issue/Introduction

By default, the network Interface used for replication between Encryption Management Server cluster members is Interface 1.

During the installation of Encryption Management Server, a self-signed TLS certificate is generated automatically and assigned to Interface 1.

If you need to use a different Interface for replication, you must manually edit the /etc/ovid/prefs.xml configuration file from the command line.

If the network Interface used for replication does not have a TLS certificate associated with it, replication will fail.

Environment

Symantec Encryption Management Server release 3.4.2 and above.

Resolution

Always ensure that the network Interface used for replication in a clustered environment has a TLS certificate associated with it.

Do not remove the certificate even temporarily or replication will immediately fail.

Please try to use Interface 1 for replication. If you need to use a different interface, please open a Technical Support case.