BUG REPORT - Problems with new VeriSign SSL certificates not validating on PGP Universal 3.2.1 or Symantec Encryption Management Server 3.3.0
|Article:TECH194325|||||Created: 2012-08-02|||||Updated: 2013-07-23|||||Article URL http://www.symantec.com/docs/TECH194325|
Symantec has received reports of problems from customers who were on a release prior to version 3.x of PGP Universal Server and then upgraded the server to a version prior to Symantec Encryption Management Server 3.3.0 MP2 this includes PGP Universal Server 3.2.1 and older. This problem can also occur on new installation of Symantec Encryption Management Server 3.3.0 as well.
The Clustering SSL or pgptcpwrapper logs in debug mode displays a message similar to the following:
PGP Universal Server 3.x server with a PUP update to PGP Universal Server 3.2.1 or Symantec Encryption Management Server 3.3.0
PGP Universal Server 3.2.1 or newer new installation with new VeriSign SSL (Basic, Premium or EV) certificate issued on or after Q4 of 2010
Solution to Cause 1 requires an update to Symantec Encryption Management Server software.
1) In the case of using most Basic and Premium SSL certificates you can use the copies of the Intermediate Certs included in this KB. Download the verisign_intermediate_primary.pem and Verisign_intermediate_secondary_plus_root.p7b files and possibly the verisign_roots.zip files and save them to a location on your computer.
Unable to establish TLS negotiation(tcpwrapper) with VeriSign certificate after updating from 3.2 MP5 to 3.2.1 or later
Update the trusted root certificate list
Article URL http://www.symantec.com/docs/TECH194325