Aside from clicking on "Always allow", there are several other options available so that end users are not presented with the invalid certificate alert:

Important Note: Symantec Encryption Desktop 10.5 had an issue where none of the below options would work. This behavior has been found to be resolved with SED 10.5 MP2. Symantec Enterprise Support recommends that you upgrade to ensure best performance for this issue.

Option 1 - Import the certificates in the certificate chain used by Encryption Management Server to the "Trusted Root Certification Authorities" and/or "Intermediate Certification Authorities" of the Windows Certificate Store of each client. It is vital that before installing a server certificate in the Symantec Encryption Management Server, the root and any intermediate certificates in the chain are imported to the SEMS Trusted Keys (Keys / Trusted Keys) menu of the administration console. This applies whether a third-party Certificate Authority or an internal Certificate Authority has issued the server certificate. If an internal Certificate Authority issued the server certificate, it is likely that the root and intermediate certificates would already have been added to each client machine's Windows Certificate Store.

TIP 1: Check the Root and Intermediate Certificates being used, make note of the Thumbprint/Fingerprint, and make sure those are included in the Trusted Keys before you build the client package. This will ensure any additional certs added will be included.

TIP 2: Check the Root and Intermediate Certificates being used, and make sure these are trusted by your domain GPO. Consult with your AD Domain Admin to verify this is all configured properly.

Option 2 - Copy the PGPtrustedcerts.asc file that contains the correct certificate chain from one client to all clients. The correct folder is "%ProgramData%\PGP Corporation\PGP".

TIP: Import this file to a standalone SED client where you can manually validate that the certificates associated with PGPtrustedcerts.asc are the correct/expected certificates.

Option 3 - When downloading the Encryption Desktop installation package (*.msi file) from Encryption Management Server, the list of trusted certificates is automatically built into the package and included in a file called PGPtrustedcerts.asc. Therefore upgrading clients will prevent the certificate warning from appearing. However, under certain circumstances the PGPtrustedcerts.asc file may not be included in the *.msi file. Please see the following article for further details:
172547 - Missing PGPtrustedcerts.asc file in Encryption Desktop client installer

Option 4 - Manually include the PGPtrustedcerts.asc file in the downloaded *.msi file. For more information on this method, please see the following article:
156600 - Manually add PGPtrustedcerts.asc to the Symantec Encryption Desktop installer (MSI) using Orca

NOTE: All the previous options are recommended over this and this option should be tried only if absolutely necessary. It is a good idea to get the certificates configured properly so the invalid cert warning does not appear. Symantec Enterprise Division recommends this over telling users to click "always allow", as this could train the user into clicking allow on future "invalid cert" popups, which could appear due to malicious intent.

To ensure that Encryption Desktop does not connect to an untrusted server certificate, you can update a preference called treatUntrustedConnectionAsOffline in the user's policy. With this policy enabled, clients will not connect to an untrusted server certificate and the user will not be warned, so they will not be given the option to override the warning. Note that a warning will be written to the Encryption Desktop log file.

To update the treatUntrustedConnectionAsOffline policy preference, do the following from the Encryption Management Server admin console:

Click on the name of the policy you wish to change.
Click on the Edit button from the General section.
Click on the Edit Preferences button from the Edit XML Preferences section.
Ensure the radio button next to the Set option is enabled (this is the default).
In the Pref Name text box add the following: treatUntrustedConnectionAsOffline.
Ensure the type is set to Boolean (this is the default).
In the Value text box add the following: true.
Click the Cancel button to return to the previous page.
Click the Save button to save the policy.

To reverse this change, repeat the above steps but in step 8 set the value to false.
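
A client-side check for Option 1, TIP 1 and Option 2 above, as an added example that is not Symantec's own tooling: it confirms that each exported CA certificate is present in the matching Windows certificate store and that the local PGPtrustedcerts.asc matches a copy you already validated. The parameter names and the exported .cer files are assumptions; the store names and the folder come from the text above.

```powershell
# Added example, not vendor code. Run in PowerShell 5.1+ on a client machine.
# Assumptions: -CaCertPath lists the exported root/intermediate .cer files of the
# Encryption Management Server chain; -ReferenceAsc is the PGPtrustedcerts.asc
# copy you already validated on a standalone client (optional).
param(
    [Parameter(Mandatory)][string[]]$CaCertPath,
    [string]$ReferenceAsc
)

# "Trusted Root Certification Authorities" and "Intermediate Certification Authorities"
$stores = @{ Root = 'Cert:\LocalMachine\Root'; CA = 'Cert:\LocalMachine\CA' }
$now = Get-Date

$report = foreach ($path in $CaCertPath) {
    $file = (Resolve-Path -LiteralPath $path).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)
    # A self-signed certificate is a root; anything else is an intermediate.
    $expected = if ($cert.Subject -eq $cert.Issuer) { 'Root' } else { 'CA' }
    $found = @(foreach ($name in $stores.Keys) {
        if (Test-Path "$($stores[$name])\$($cert.Thumbprint)") { $name }
    })
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint   # compare with the value noted in TIP 1
        ExpectedStore = $expected
        FoundIn       = $found -join ','
        Expired       = $cert.NotAfter -lt $now
        Ok            = ($found -contains $expected) -and ($cert.NotAfter -ge $now)
    }
}
$report | Format-Table -AutoSize

# Option 2: the trusted-certificate file must exist in the client's PGP folder.
$asc = Join-Path $env:ProgramData 'PGP Corporation\PGP\PGPtrustedcerts.asc'
$ascOk = Test-Path -LiteralPath $asc
if (-not $ascOk) {
    Write-Warning "PGPtrustedcerts.asc not found at $asc"
} elseif ($ReferenceAsc) {
    # Byte-for-byte comparison against the copy that was validated manually.
    $local = (Get-FileHash -LiteralPath $asc -Algorithm SHA256).Hash
    $ref   = (Get-FileHash -LiteralPath $ReferenceAsc -Algorithm SHA256).Hash
    $ascOk = $local -eq $ref
    if (-not $ascOk) { Write-Warning 'PGPtrustedcerts.asc differs from the validated reference copy' }
}

# A non-zero exit code lets a deployment tool flag clients that would still see the warning.
if (@($report | Where-Object { -not $_.Ok }).Count -gt 0 -or -not $ascOk) { exit 1 }
```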