HOW TO: Correct the "PGP Alert - Invalid Server Certificate" Warning During Enrollment

Article:TECH200530  |  Created: 2012-12-05  |  Updated: 2013-04-29  |  Article URL
Article Type
Technical Solution


During PGP Desktop client enrollment and during any subsequent connections between the client and PGP Universal Server, you receive a PGP Alert regarding an Invalid Server Certificate

If you choose to Allow or Deny the certificate, you will continue to receive the alert. If you choose to Always Allow for This Site, the PGP Alert is displayed only once.



PGP Universal Server 3.2

PGP Desktop 10.2

Windows XP

Windows Vista

Windows 7


During (silent) enrollment, PGP Universal Server identifies itself to the PGP Desktop client with an untrusted certificate.



1. Log in to PGP Universal Server administrative interface.

2. Click the System tab and select the Network tab.

3. Click the Certificates button.

4. Select the name of the certificate that you want to trust. The Certificate Info for the certificate is displayed.

5. Click the Export button. The Export Certificate dialog screen appears.

6. To export the public key portion of the certificate, select Export Public Key.

7. Click Export and when prompted click Save.

8. Specify a name and location to save the file, then click Save.

9. Log into the Domain Controller (DC) and open Group Policy Management (Start > Administrative Tools > Group Policy Management).

10. In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy Group Policy object (GPO) that you want to edit.

11. Right-click the Default Domain Policy GPO, and then click Edit.

12. In the Group Policy Management Console (GPMC), go to Computer Configuration > Windows Settings > Security Settings  and then click Public Key Policies.

13. Right-click the Trusted Root Certification Authorities store and click Import and follow the steps in the Certificate Import Wizard to import the certificate that from PGP Universal Server.

14. Browse for the Certificate. Make sure to specify to choose All files (*.*) when looking for the certificate.

15. Run gpupdate on the client machines or restart the client machines before enrolling the users. New users never receive a PGP certificate alert.


Supplemental Materials


The above mentioned steps help us to push the PGP Universal Server's Certificate through a group policy to the Trusted Root Certification Authorities store of each and every client machine on the network.

Article URL

Terms of use for this information are found in Legal Notices