HOW TO: Change the hostname of a PGP Universal 2.x Server

Article:HOWTO41993  |  Created: 2006-09-28  |  Updated: 2011-03-14  |  Article URL http://www.symantec.com/docs/HOWTO41993
Article Type
How To




This article describes how to change the hostname of a PGP Universal Server.  It assumes the IP address is left unchanged.


 

Warning: Changing a PGP Universal Server hostname involves regenerating your Organization Keypair.  This can cause problems with key signatures and backups.  All user keys will have unverified signatures until they are renewed with the new Organization Key.  Organization Certificates and Ignition Keys are also removed as part of regenerating your Organization Keypair.  Before proceeding, back up your PGP Universal Server and your current Organization Keypair.


 

Steps to change hostname

If the IP address remains unchanged, changing the hostname of a PGP Universal Server involves the following steps:

 

  1. Back up your Organization Keypair and the server before making any changes.
  2. Change the hostname.
  3. Update your DNS records to use this new name with the same IP address. You may want to create an alias of the old hostname to resolve to the new hostname.
  4. If mail is passing through your server, update the mail servers to use the new hostname.
  5. If you have an SSL certificate, you will need to regenerate it for the new domain name.
  6. Update the PGP Universal Web Messenger URL to the new FQDN.
  7. Update the keyserver service to use the correct FQDN.
  8. Update the Verified Key Directory to use the new FQDN if needed.
  9. Add the new domain to the list of managed domains.
  10. Add a mail route if applicable.
  11. If directory synchronization is enabled and its settings have changed, update them.
  12. Regenerate your Organization Key and, if applicable, your Organization Certificate.
  13. Back up your new Organization Keypair and back up your server.

Example: Change hostname keys.domain.com to keys.newdomain.com

  1. Back up your Organization Keypair and create a backup of the server before making any changes.
     
  2. Change the hostname.  Log in to the PGP Universal Server and navigate to System, Network, Global Network Settings.  Currently the hostname is keys.domain.com. 

    Replace this with keys.newdomain.com.  Click Save.

     
  3. Update your DNS records to use this new FQDN (fully qualified domain name) with the same IP address. 

     
  4. If mail is passing through your server, update the mail servers to use the new hostname. (Exchange smarthost)

    If your mail server names have changed, update the proxies to use the correct mail server name.  Navigate to Mail, Proxies.  Check that the correct mail servers are listed.  If any need to be changed, open that proxy and modify the mail server address appropriately.

     
  5. If you have an SSL certificate, you will need to regenerate it for the new domain name.  Click on Certificates.  Click on Add Certificate.

    You can either generate a self-signed certificate or generate a certificate signing request that a third-party certificate authority can sign for you.  In this example we created a self-signed certificate for 5 years.

    You may wish to delete your old certificate from the server.

     
  6. Update the PGP Universal Web Messenger URL to the new FQDN.  Navigate to Services, Web Messenger.  Click Edit.

    Click on Interface to open the interface settings.  Change the Hostname from keys.domain.com to keys.newdomain.com.  Click Save.

     
  7. Update the keyserver service to use the correct FQDN.  Navigate to Services, Keyserver.  Click on Edit.

    Change the Public URL from ldap://keys.domain.com to ldap://keys.newdomain.com. Click Save.

     
  8. Update the Verified Key Directory to use the new FQDN if needed.  Navigate to Services, Verified Directory.  Click Edit.  Click Interface.  Change the Public URL from ldap://keys.domain.com to ldap://keys.newdomain.com.  Click Save.

     
  9. Add the new domain to the list of managed domains.  Navigate to Organization, Managed Domain.  Click Add Managed Domain.

    Type newdomain.com and click Save.

    Verify that the automatically created mail route is correct.  If your mail server isn't mail.domain.com, you may want to change the route to reflect the correct mail server.

    Delete domain.com from the managed domain list.

     
  10. Add a mail route if applicable.  (Normally this is created automatically by the previous step; if not, add it manually.)  Click on Mail, Mail Routes.  Check that newdomain is listed and that it points to your mail server.  If your mail server has changed, make sure that this mail route lists the correct mail server.

    If the route is missing, add it manually by clicking on Add Mail Route.  Delete domain.com from the mail route list.
     
  11. If directory synchronization is enabled and its settings have changed, update them.  Navigate to Policy, Internal User Policy.  Click on Directory Synchronization.  If this feature is enabled, make sure that the settings are still valid.

     
  12. Regenerate your Organization Key and, if applicable, your Organization Certificate.  Navigate to Organization, Organization Keys.  Click on the regenerate icon next to your Organization Key to regenerate this key with the correct name.  Select the size, type, and expiration date.  Click Generate.

    Read the warning that appears and click OK.

    If needed, regenerate your Organization Certificate.

     
  13. Back up your new Organization Keypair and back up your server.
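
A post-change consistency check for steps 3 and 5 through 8, as an added example (not Symantec tooling and not part of the original article). The function names, the IP address 192.0.2.10, the https scheme on the Web Messenger URL and the sample values are constructed; the certificate names and service URLs are assumed to be copied by hand from the administrative console.

```python
import socket
from urllib.parse import urlsplit

def name_matches(cert_name, host):
    """Exact match, or a single-label wildcard such as *.newdomain.com."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def audit_rename(old_fqdn, new_fqdn, server_ip, cert_names, service_urls,
                 resolve=socket.gethostbyname):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    try:  # Step 3: the new name must resolve to the unchanged server IP.
        ip = resolve(new_fqdn)
        if ip != server_ip:
            findings.append(f"DNS: {new_fqdn} resolves to {ip}, expected {server_ip}")
    except OSError:
        findings.append(f"DNS: {new_fqdn} does not resolve")
    try:  # Step 3: the old-name alias is optional, but must not point elsewhere.
        ip = resolve(old_fqdn)
        if ip != server_ip:
            findings.append(f"DNS: old name {old_fqdn} resolves to {ip}, not {server_ip}")
    except OSError:
        pass  # no alias configured, which the procedure allows
    # Step 5: the certificate in use must name the new FQDN.
    if not any(name_matches(n, new_fqdn) for n in cert_names):
        findings.append(f"TLS: certificate names {sorted(cert_names)} do not cover {new_fqdn}")
    # Steps 6-8: every published URL must carry the new FQDN.
    for label, url in service_urls.items():
        if (urlsplit(url).hostname or "").lower() != new_fqdn.lower():
            findings.append(f"{label}: {url} does not use {new_fqdn}")
    return findings

# Constructed sample: DNS is updated, the certificate and keyserver URL are stale.
SAMPLE_DNS = {"keys.newdomain.com": "192.0.2.10", "keys.domain.com": "192.0.2.10"}

def sample_resolve(name):
    if name not in SAMPLE_DNS:
        raise OSError(f"{name}: name not found")
    return SAMPLE_DNS[name]

if __name__ == "__main__":
    urls = {"Web Messenger": "https://keys.newdomain.com",
            "Keyserver": "ldap://keys.domain.com",
            "Verified Directory": "ldap://keys.newdomain.com"}
    for finding in audit_rename("keys.domain.com", "keys.newdomain.com", "192.0.2.10",
                                ["keys.domain.com"], urls, resolve=sample_resolve):
        print(finding)
```

Omit the `resolve` argument to query live DNS through the system resolver.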


 


Legacy ID
670

