Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

key search X.509 Directory LDAP -

Created: 21 Nov 2012 | 2 comments
NextChris's picture


I am thinking about recommending comodo as one of the prefered issuer of email certificates for partners and costumers of mine. Therefor I need a possibility to use LDAP key search on I configuered the keyserver like described in (Type: X.509 Directory LDAP / Hostname: / Base DN OU=directory, DC=comodo, DC=com / chekced both: Trust keys..., Incude...), but key search fails (LOG: []: error getting recipient encryption key: server open failed).

1. Any idea how to solve this issue? Workaround with other PGP-US searchable LDAP directories which allow upload of public comodo certificates?

2. Any other recommendations (email certificate provider)? despite:

    verisign - which had problems with automatic keysearch last year

    trustcenter - which is going to be out of business 2014 or so

    geotrust - as you can see i don´t want to only recommend symantec subsidiaries l

3. Does anybody know if there is a list of supported keyservers for automatic LDAP keysearch for PGP US? This would be the most valuable information!

Thank you for your help


Comments 2 CommentsJump to latest comment

dfinkelstein's picture

Do you have an example entry in the Comodo directory that can be found using the ldapsearch tool?

"Server open failed" might mean that firewall rules prevented Universal from contacting the Comodo directory.


David Finkelstein

Symantec R&D

NextChris's picture

Sorry for the late reply,

I was in contact with the comodo support:

The directory "" seems to be for SecureZIP-costumers only. - In fact I wasn´t able to upload my comodo certificate to the directory and of course this is the reason for not being able to find it there.

It would be still interesting to have a comment on which LDAP directories are searchable by PGP US beside the Symantec-owned ones like verisign and trustcenter!

regards, Chris