Video Screencast Help

Generate Organization Certificate

Created: 12 Nov 2012 | 2 comments

PGP Universal Server 3.1.2

My Organization Certificate expired a few weeks ago and since then, users keys have stopped renewing.  Is this related? 

How do I generate a new Organization Certificate?  Instructions I've been able to find are not clear. 

I'm new to PGP Universal Server, and before I go in and make changes to the production server and really muck things up, is there anyone that can give some guidance?

We don't encrype email, so S/MIME is not a consideration.  Will a self signed certificate be adequate, or should I get a CA certificate? 

Thanks in advance.

Comments 2 CommentsJump to latest comment

Brian_Ch's picture

Here is a document on what to do if Organization Certificate Expires. You can use a self-signed Certificate, but it is recommended that you use one generated by a known CA. This document has steps on how to generate a new Self Signed Certificate as well as on how to Generate a CSR for requesting this from a CA. Hope this helps. Let me know if you run into issues. If you are using a Self-signed Certificate you will have to import this on the client machines. Where as if you install a certificate from a know CA it will be trusted.

Brian_Ch's picture

Sorry I missed one of your questions. Yes the Certificate and Organization key have the same expiration and this is why your keys are expiring. They use the Organization key to renew the keys if you are using SKM key mode. You might want to check this after you import the new Certificate. If you need to you can manually update the expiration for the Organization key by exporting it to PGP Desktop and then changing the expiration date and then re-import the same key back into PGP Universal Server.