BUG REPORT: Multiple Certificates with identical names are not used for signature verification
Article: TECH201987 | Created: 2013-01-23 | Updated: 2013-07-16 | Article URL: http://www.symantec.com/docs/TECH201987
When PGP Universal Server and the PGP Desktop client are in use and multiple certificates with the same subject information (CN, O, OU, etc.) exist in your environment, PGP doesn't handle the certificates properly.
For example, when an old and a new certificate assigned to the PGP Universal network interface are both added to the trusted keys, the PGP Desktop client might still display the PGP Alert about a wrong certificate.
This can also cause clustering to fail when, for example, an SSL certificate is renewed and the new certificate has a certificate chain with identical certificate names but different certificate attributes.
Apache may fail to start properly. This can be seen from the command line interface but is not visible from the web admin interface:
# pgpsysconf --apache
Restarting httpd... failed
httpd returned 1 - restoring httpd.conf backup
Restarting service httpd... success
The Apache configuration file that fails to load is saved as /tmp/httpd.conf.failed. The Apache configuration file that is currently in use is /etc/httpd/conf/httpd.conf.
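To find out whether a trust store contains the condition described above (different certificates that share one subject name), the following added example, which is not Symantec code, groups DER-encoded certificates by their raw subject field and reports subjects that map to more than one SHA-256 fingerprint. The helper names, the example.test host names and the skeleton certificates it builds as sample input are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def subject_der(cert):
    """Raw DER bytes of the subject Name in a DER-encoded X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)           # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)         # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for _field in range(4):                 # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    _, _, end = read_tlv(cert, pos)
    return cert[pos:end]

def duplicate_subjects(certs):
    """Map subject -> SHA-256 fingerprints, for subjects shared by different certs."""
    groups = defaultdict(set)
    for der_bytes in certs:
        groups[subject_der(der_bytes)].add(hashlib.sha256(der_bytes).hexdigest())
    return {subj: sorted(fps) for subj, fps in groups.items() if len(fps) > 1}

# --- constructed sample input: skeleton certificates, not validly signed ---
def der(tag, *parts):
    body = b"".join(parts)
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_cert(cn, serial):
    name = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, cn.encode()))))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, bytes([serial])),
              der(0x30), name, der(0x30), name, der(0x30))
    return der(0x30, tbs, der(0x30), der(0x03, b"\x00"))

if __name__ == "__main__":
    store = [sample_cert("keys.example.test", 1), sample_cert("keys.example.test", 2),
             sample_cert("other.example.test", 3)]
    for subj, fps in duplicate_subjects(store).items():
        print(subj.hex(), *fps, sep="\n  ")
```

For real certificates, convert each PEM entry to DER first (for example with ssl.PEM_cert_to_DER_cert from the Python standard library) and pass the resulting byte strings to duplicate_subjects.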
Symantec Encryption Management Server 3.3 MP1
Symantec Encryption Management Server 3.3
PGP Universal server 3.2.x
PGP Desktop client 10.2.x
Symantec detected the root cause of the problem in the PGP SDK component.
This issue is fixed in the following release:
Symantec Encryption Management Server 3.3.0 MP3
This Maintenance Pack is available for download via your account on Symantec File Connect (fileconnect.symantec.com).