When attempting to import a certificate into the Organization Certificate section of PGP Universal Server, the following error is received:
Certificate Import Failed
The certificate could not be used. The certificate is not able to sign other certificates.
First, attempting to import an SSL certificate as the Organization Certificate on the PGP Universal Server will fail because the Organization Certificate must be an X.509 certificate suitable for S/MIME email encryption, whereas SSL certificates are used for SSL/TLS traffic for the PGP Universal Server.
Second, requesting an X.509 certificate from a Certificate Authority for S/MIME encryption is expensive and is not a common practice. In this case, the Certificate Authority authorizes companies to purchase their signing certificate to sign on behalf of the Certificate Authority. For this to work, the certificate must have signing capability granted by the Certificate Authority; in most cases this authority is not granted.
The PGP Universal Server can use either a self-signed certificate or a certificate created by a company's internal Certificate Authority. However, recipients will need to trust these certificates manually.
Note: If S/MIME encryption for email is not being used, it is not necessary to have an Organization Certificate.
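The signing capability described above can be checked before an import is attempted. The script below is an added example, not part of the original article or the product: it builds two throwaway self-signed certificates with the openssl command-line tool (one with a CA profile, one with an SSL server profile) and reports whether each carries the standard X.509 markers for signing other certificates (basicConstraints CA:TRUE and the keyCertSign key usage). That the PGP Universal Server tests exactly these fields is an assumption; the function names, profile names and subject name are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-import check for certificate-signing capability.
# Assumes the openssl CLI is installed; all names and files are constructed.
WORK=$(mktemp -d)

# Minimal OpenSSL config with two constructed extension profiles.
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-demo.example
[org_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[tls_leaf]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF

# make_sample_cert PROFILE: writes a throwaway self-signed cert, prints its path.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$WORK/demo.cnf" -extensions "$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null || return 2
    printf '%s\n' "$WORK/$1.pem"
}

# can_sign_certs FILE: 0 = may sign certificates, 1 = may not, 2 = unreadable.
can_sign_certs() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    # RFC 5280: an issuing certificate needs basicConstraints CA:TRUE ...
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' \
        | grep -q 'CA:TRUE' || return 1
    # ... and, when a keyUsage extension is present, the keyCertSign bit.
    if printf '%s\n' "$text" | grep -q 'X509v3 Key Usage'; then
        printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' \
            | grep -q 'Certificate Sign' || return 1
    fi
    return 0
}

# Demo: the CA profile passes, the SSL server profile does not.
for profile in org_ca tls_leaf; do
    pem=$(make_sample_cert "$profile")
    can_sign_certs "$pem" && echo "$profile: can sign" || echo "$profile: cannot sign"
done
```

To check a real certificate, call can_sign_certs with the path to its PEM file.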
If the intent is to purchase an SSL certificate for SSL/TLS communications, a Certificate Signing Request (CSR) must be generated under the System/Network tab of the PGP Universal Server.
SSL certificates can be created on the PGP Universal Server as self-signed or obtained through a reputable Certificate Authority. However, self-signed certificates are not automatically trusted by email or Web browser clients.
Obtaining a certificate from a Certificate Authority is especially important for PGP Universal Servers that will be accessed publicly. Older web browsers may reject self-signed certificates or not know how to handle them correctly when encountered via PGP Universal Web Messenger, Smart Trailer or other secure communication services. Obtaining an SSL certificate from a valid Certificate Authority will ensure web browsers will trust the SSL connection to the PGP Universal Server and end-users will not receive pop-up security alerts from web browsers.
Having a certificate from a valid Certificate Authority will also resolve the PGP Alert during client enrollment.
To resolve the above errors, a Certificate Signing Request should be generated on the PGP Universal Server. Once the SSL certificate has been received from the Certificate Authority, the SSL certificate should be imported into the Certificates section of PGP Universal Server under the System/Network tabs.
Guidelines for requesting an SSL certificate
Generating a Certificate Signing Request on PGP Universal Server