File Share Encryption

 View Only

  • 1.  Assigned Certificate not trusted by Mobile Encryption and Desktop Enryption

    Posted Nov 18, 2015 05:15 AM

    Hello,

    we have an Symantec Encryption Server and serveral users with encryption desktop and mobile encryption. I installed an wildcard certificate from QouVadis Trustlink Schweiz AG which works with IE. But if I try to install an mobile or desktop enryption there popup a message

    Cannot Verify Server Identity

    Server ... presented a TLS certificate that was issued by an unknown Certificate Authority (issuer: CN=QouVadis Global SSL ICA G2, O=QuoVadis Limited, C=BM)

    What can I do that the certificate will work without problems?

    Bye and Thanks

    Sascha Kunimünch



  • 2.  RE: Assigned Certificate not trusted by Mobile Encryption and Desktop Enryption

    Posted Nov 18, 2015 11:15 AM

    That provider is not present in the trusted keys on the encryption server.  You can choose "Always Allow", and you shouldn't see the warning again.  You should get the root and intermediate CA certificates installed on the encryption server, then generate packages for deployment.  There are other ways of making the client trust the certificate as well.  See the following article:
    https://support.symantec.com/en_US/article.TECH149211.html

    In the case of the mobile app, you may need to import the certificates into the phone.



  • 3.  RE: Assigned Certificate not trusted by Mobile Encryption and Desktop Enryption

    Posted Nov 19, 2015 06:00 AM
      |   view attached

    Hello,

     

    thanks for the quick Answer. I already installed the root and intermediate CA certificate on the server and generate a new package. But the warning still apperas.

    Attached Print Screens from the certificates.

    Bye Sascha Kunimünch

    Attachment(s)

    pdf
    SES_Certificates.pdf   159 KB 1 version


  • 4.  RE: Assigned Certificate not trusted by Mobile Encryption and Desktop Enryption

    Broadcom Employee
    Posted Nov 23, 2015 01:20 PM

    Hi Sascha,

     

    Perhaps the client machines also do not trust this certificate. If that is the case you need to push the root and intermediate certificates, please see: HOW TO: Suppress Invalid Certificate Warnings for Self-Signed Certificates During Enrollment for Symantec Encryption Desktop via Microsoft GPO.

    Also ensure the server was able to build the trust chain, re-apply the certificate to the NIC in the server. Select None > Save and then go again to Networks, select the certificate and Save.

    Then export a new client package.

     

    Rgs,

    dcats



  • 5.  RE: Assigned Certificate not trusted by Mobile Encryption and Desktop Enryption

    Posted Nov 24, 2015 06:57 AM

    Hi,

    thanks, I will try this. Otherwise I will click this message away :-)

    Bye Sascha