Cannot create an internal user by importing an S/MIME certificate
search cancel

Cannot create an internal user by importing an S/MIME certificate


Article ID: 231992


Updated On:


Encryption Management Server Gateway Email Encryption


Internal Users can be created on Encryption Management Server by importing an S/MIME certificate that contains an email address that matches the email domains listed in the administration console under Consumers / Managed Domains.

For example, an S/MIME certificate with the email address [email protected] can be imported if is one of the managed domains and a new internal user will be created.

To create a new internal user by importing an S/MIME certificate, in the Administration Console, navigate to Consumers / Users / Internal Users and click on the Add Internal Users button then browse to the *.pfx or *.p12 file containing the full certificate.

However, if Encryption Management Server has Directory Synchronization with Active Directory enabled, the import may fail with this error:

In the administration console under Reporting / Logs / Administration log, entries like the following appear where [email protected] is the email address of the S/MIME certificate:

PKCS-12 import failure: bad parameters
Couldn't import user "[email protected] <[email protected]>" (KeyID: 0x519FDB45): bad parameters


Symantec Encryption Management Server 10.5 MP3


To workaround this issue, ensure that in Active Directory the Display Name of the user's account has a value that matches the user's email address.

For example, the import will fail if the Display Name is First Last but will succeed if the Display Name is [email protected].

Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.

Additional Information