Encryption Management Server can look up keys on remote Encryption Management Servers over a secure LDAPS connection. Remote key servers are added on the Keys / Keyservers page of the administration console, and a key server is only consulted if it is referenced in a rule on the Mail / Mail Policy page of the administration console.
Sometimes the LDAPS connection to the remote key server fails.
The Mail log will contain an entry like this:
2019/08/30 11:23:20 +00:00 INFO pgp/messaging: SMTP-00001: key search <[email protected]> [keyserver.example.com]: Could not get recipient encryption key: server open failed
A secure connection to the remote key server could not be established. Creating a successful LDAPS connection involves satisfying a number of requirements.
Please try to ensure that the following recommendations are met. For ease of reference, the Encryption Management Server that is making the LDAPS connection is referred to below as the LDAPS client and the remote Encryption Management Server that is hosting the LDAPS service is referred to as the LDAPS server:
If you cannot satisfy the above recommendations, a workaround is to use self-signed certificates on either or both the LDAPS client and the LDAPS server. This is not best practice: it bypasses the strict SSL certificate checking used by Encryption Management Server, and that checking is what lets the LDAPS client confirm it is fetching recipient keys from the key server it expects. Treat the workaround as an interim measure and return to properly issued certificates once the recommendations can be met.
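The following Python script is an added example, not code from the original article or from the product. It triages Mail log entries of the shape quoted above, counting failed remote key searches per key server, and includes a probe that attempts an LDAPS handshake with Python's `ssl` module so the failure can be classified (connection refused, certificate chain or hostname not verified, or another TLS error). The lines in `SAMPLE_LOG`, the hostnames and the recipient addresses are constructed; the wording of the non-failure line is an assumption, and the probe uses Python's standard TLS verification rather than the product's own LDAPS client, so it shows what strict checking requires but not the product's internals.

```python
import re
import socket
import ssl
from collections import Counter

# Shape of the Mail log entry quoted on the page. Fields are named so the
# output can be grouped by key server and by SMTP session.
KEY_SEARCH_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{2}:\d{2}) "
    r"(?P<level>[A-Z]+) pgp/messaging: (?P<session>SMTP-\d+): "
    r"key search <(?P<recipient>[^>]*)> \[(?P<keyserver>[^\]]+)\]: "
    r"(?P<message>.*)$"
)

# Message text from the page that marks a failed remote lookup.
FAILURE_PREFIX = "Could not get recipient encryption key"

# Constructed sample log (hostnames, addresses and the final non-failure line
# are assumptions, not product output).
SAMPLE_LOG = """\
2019/08/30 11:23:20 +00:00 INFO pgp/messaging: SMTP-00001: key search <alice@example.com> [keyserver.example.com]: Could not get recipient encryption key: server open failed
2019/08/30 11:23:21 +00:00 INFO pgp/messaging: SMTP-00001: key search <bob@example.com> [keyserver.example.com]: Could not get recipient encryption key: server open failed
2019/08/30 11:24:02 +00:00 INFO pgp/messaging: SMTP-00002: key search <carol@example.org> [keys.partner.example]: Could not get recipient encryption key: server open failed
2019/08/30 11:24:05 +00:00 INFO pgp/messaging: SMTP-00003: message delivered to 10.0.0.5
"""


def parse_key_search_failures(lines):
    """Return one dict per log line that records a failed remote key search.

    Lines that are not key-search entries, or whose lookup did not fail,
    are ignored.
    """
    failures = []
    for line in lines:
        m = KEY_SEARCH_RE.match(line.rstrip("\n"))
        if m and m.group("message").startswith(FAILURE_PREFIX):
            failures.append(m.groupdict())
    return failures


def failures_per_keyserver(failures):
    """Count failed lookups per remote key server (dict of host -> count)."""
    return dict(Counter(f["keyserver"] for f in failures))


def probe_ldaps(host, port=636, cafile=None, verify=True, timeout=5.0):
    """Attempt a TLS handshake with an LDAPS server and classify the outcome.

    Returns (status, detail). With verify=True the server certificate must
    chain to `cafile` (or the system trust store when cafile is None) and
    match `host`, which is what strict checking enforces. verify=False
    mirrors the self-signed workaround: any certificate is accepted, so a
    successful handshake no longer proves which server answered.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()  # empty dict when verify=False
                subject = dict(x[0] for x in cert.get("subject", ())) if cert else {}
                return "ok", f"{tls.version()} subject={subject.get('commonName', '?')}"
    except ssl.SSLCertVerificationError as e:
        # Chain does not reach a trusted CA, certificate expired, or name mismatch.
        return "cert-verify-failed", e.verify_message
    except ssl.SSLError as e:
        # Handshake failed for another reason (protocol or cipher mismatch, etc.).
        return "tls-error", e.reason or str(e)
    except (socket.timeout, OSError) as e:
        # Nothing listening, firewall, DNS failure or similar.
        return "connect-failed", str(e)


if __name__ == "__main__":
    import sys

    for host, n in failures_per_keyserver(
        parse_key_search_failures(SAMPLE_LOG.splitlines())
    ).items():
        print(f"{host}: {n} failed lookup(s)")
    if len(sys.argv) > 1:
        ca = sys.argv[2] if len(sys.argv) > 2 else None
        print(probe_ldaps(sys.argv[1], cafile=ca))
```

Run it with a key server hostname (and optionally the CA file that should issue its certificate) as arguments; a `cert-verify-failed` result means the LDAPS client cannot build a trusted chain or the certificate name does not match the hostname it was given, which is the case the recommendations address, while `connect-failed` points at the network or the LDAPS listener rather than certificates.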