Monday, January 23, 2012

PGP Universal Gateway Server

We are in the process of deploying a PGP Universal server to allow encrypted messages to be sent to people from on-campus. The way the licensing works for PGP, there are a couple of different setup methods that have different implications.

  1. You purchase the system based on the number of desktop clients that will have PGP Desktop installed.
  2. To do desktop encryption, the client needs a Desktop license and must have it installed.
  3. To send encrypted email between internal users, those users need a Desktop license and must have it installed.
  4. To send encrypted email externally, ultimately only 1 Desktop license is needed for unlimited users.

During implementation of the external gateway, we have experienced a couple of errors. One error in particular is receiving warnings that our ticket is not trusted even though we purchased the certificate from Entrust. Luckily, we found a post by Ian Kirk, who had already solved the problem. This article goes through his steps and adds screenshots for internal documentation purposes.


  1. Log into the PGP Universal server as an admin and go to Keys > Trusted Keys.
  2. Scroll to the bottom of that page and select Add Trusted Key.
  3. Paste the public root key from Entrust and choose Trust key for verifying SSL/TLS and Trust key for verifying mail.
  4. Do the same for the intermediate key.
  5. Go to Services > Web Messenger, then disable and re-enable the service.
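
Before pasting the two keys into Trusted Keys, it helps to confirm that the files really are the root and the intermediate for the server's certificate. The following check is an added example, not part of the original post or of Ian Kirk's steps; it assumes the three certificates have been saved as PEM files (the file names are placeholders) and that OpenSSL 1.1.0 or later is installed.

```shell
#!/bin/sh
# check_chain ROOT_PEM INTERMEDIATE_PEM SERVER_PEM
# Returns 0 only when the files form root -> intermediate -> server.
# The PEM file names are whatever you saved the certificates as (assumption).
check_chain() {
    root=$1; inter=$2; server=$3

    # 1. A root is self-issued: its subject and issuer hashes are identical.
    root_subj=$(openssl x509 -in "$root" -noout -subject_hash) || return 4
    root_iss=$(openssl x509 -in "$root" -noout -issuer_hash) || return 4
    if [ "$root_subj" != "$root_iss" ]; then
        echo "FAIL: $root is not self-issued (is it the intermediate?)" >&2
        return 1
    fi

    # 2. The intermediate must verify against this root alone.
    #    -no-CApath keeps the system trust directory out of the decision.
    if ! openssl verify -no-CApath -CAfile "$root" "$inter" >/dev/null 2>&1; then
        echo "FAIL: $inter was not issued by $root" >&2
        return 2
    fi

    # 3. The server certificate must verify through the intermediate.
    if ! openssl verify -no-CApath -CAfile "$root" -untrusted "$inter" \
            "$server" >/dev/null 2>&1; then
        echo "FAIL: $server does not chain to $root via $inter" >&2
        return 3
    fi

    # Show who each certificate belongs to and when it expires.
    echo "OK: chain is complete"
    for f in "$root" "$inter" "$server"; do
        openssl x509 -in "$f" -noout -subject -enddate
    done
}
```

A non-zero return tells you which link is wrong: 1 means the file given as the root is not a root, 2 means the intermediate does not belong to that root, and 3 means the server certificate was issued by something else.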


This seems to have resolved the prompts that the site and keys were trusted. That said, more setup needs to occur because, based on tests, mail is not yet being encrypted when sent.
