BUG REPORT: Multiple Certificates with identical names are not used for signature verification

Article:TECH201987  |  Created: 2013-01-23  |  Updated: 2013-07-16  |  Article URL http://www.symantec.com/docs/TECH201987
Article Type
Technical Solution


When PGP Universal Server and the PGP Desktop client are in use and multiple certificates with the same subject information (CN, O, OU, etc.) exist in your environment, PGP does not handle the certificates properly.

For example, when an old and a new certificate assigned to the PGP Universal Network interface are both added to the trusted keys, the PGP Desktop client might still display the PGP Alert about a wrong certificate.

This can also cause clustering to fail when, for example, an SSL certificate is renewed and the new certificate has a certificate chain with identical certificate names but different certificate attributes.
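
To check whether a set of certificates contains the condition described above, the following added example (not part of the original article and not Symantec tooling) groups the certificates in a PEM bundle by subject and reports every subject carried by more than one distinct certificate. It assumes the certificates have already been exported to a PEM file and that openssl is installed; dup_subjects and make_demo_bundle are hypothetical helper names, and the demo certificates are constructed test data.

```shell
# dup_subjects BUNDLE
# Prints "<count> <subject>" for each subject found on 2+ distinct certificates.
dup_subjects() {
    bundle=$1
    work=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate.
    awk -v dir="$work" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    for c in "$work"/cert*.pem; do
        [ -f "$c" ] || continue
        subj=$(openssl x509 -in "$c" -noout -subject -nameopt RFC2253) || continue
        fp=$(openssl x509 -in "$c" -noout -fingerprint -sha256) || continue
        # One line per certificate: SHA-256 fingerprint, tab, subject DN.
        printf '%s\t%s\n' "${fp#*=}" "${subj#subject=}"
    done | sort -u | cut -f2- | sort | uniq -c \
         | awk '$1 > 1 { sub(/^ +/, ""); print }'
    # sort -u above drops exact duplicates (same fingerprint listed twice),
    # so only genuinely different certificates with one name are counted.
    rm -rf "$work"
}

# make_demo_bundle FILE
# Constructed test data: an "old" and a "renewed" self-signed certificate
# with the same subject, one unrelated certificate, and a repeat of "old".
make_demo_bundle() {
    out_file=$1
    tmp=$(mktemp -d) || return 1
    for name in old new other; do
        cn=pgp.example.test
        [ "$name" = other ] && cn=other.example.test
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/O=Example Corp/CN=$cn" \
            -keyout "$tmp/$name.key" -out "$tmp/$name.pem" 2>/dev/null || return 1
    done
    cat "$tmp/old.pem" "$tmp/new.pem" "$tmp/other.pem" "$tmp/old.pem" > "$out_file"
    rm -rf "$tmp"
}
```

Any subject this reports is one where a lookup by name alone cannot tell the certificates apart; compare serial numbers, validity dates and fingerprints to decide which copy should remain trusted.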


Apache may fail to start properly.  This can be seen from the command line interface but is not visible from the web admin interface:

# pgpsysconf --apache

Restarting httpd... failed

httpd returned 1 - restoring httpd.conf backup

Restarting service httpd... success

The Apache configuration file that fails to load is saved as /tmp/httpd.conf.failed. The Apache configuration file that is currently in use is /etc/httpd/conf/httpd.conf.


Symantec Encryption Management Server 3.3 MP1

Symantec Encryption Management Server 3.3

PGP Universal server 3.2.x

PGP Desktop client 10.2.x


Symantec detected the root cause of the problem in the PGP SDK component.


This issue is fixed in the following release:

Symantec Encryption Management Server 3.3.0 MP3

This Maintenance Pack is available for download via your account on Symantec File Connect (fileconnect.symantec.com).
