I am setting up Symantec PGP mail encryption for a company.
User keys are kept on the Symantec Encryption Server key server in Server Key Mode.
My users need the ability to send encrypted mails to users in a sister company.
The sister company has a certificate authority that cannot be accessed via LDAP or HTTP.
Instead, they periodically send us a file containing a list of their user certificates (approx. several thousand) in the format
name.surname@domain.com|MII-Base64-encoded-X.509 certificate==|GENERATED
The file is imported into an Active Directory OU on our domain controller, creating a contact for every imported email address, with the certificate stored in the userCertificate attribute.
Is it possible for the Encryption Server to perform an Active Directory LDAP query for the recipient's public key? The external keyserver interface does not support authentication, and I am not sure that the 'X.509 Directory LDAP type' looks for the certificate in the appropriate AD attribute.
Alternatively, is there a way to automate / bulk import the user certificates from the provided file into the key server (e.g. a script that inserts them into the key server via LDAP...)?
Manual import of a single certificate fails because the key server is not able to retrieve the CRL from the certificate authority.
Any ideas or thoughts would be appreciated.
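As an added example (not code from the poster, Symantec, or the sister company), the following Python script shows how the `email|base64-DER|GENERATED` file described above can be validated before it is pushed into Active Directory, and how each good line can be turned into an LDIF `add` entry for a contact with a `userCertificate` value. It assumes the import is done with an LDIF-based tool such as `ldifde`, uses a placeholder OU DN (`CONTACT_OU`), and ships with a constructed sample file whose "certificate" is a tiny hand-made DER SEQUENCE rather than a real X.509 certificate. The structural check (valid base64, one well-formed outer DER SEQUENCE whose encoded length matches the blob) catches truncated or padded lines so they are reported instead of silently creating a contact with a broken `userCertificate`; it does not validate the certificate chain or CRL, which is a separate step the key server performs.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Placeholder: replace with the real OU where the external contacts live.
CONTACT_OU = "OU=ExternalContacts,DC=example,DC=local"

EMAIL_RE = re.compile(r"^[^@\s|,]+@[^@\s|,]+\.[^@\s|,]+$")


@dataclass
class CertRecord:
    email: str
    der: bytes  # raw DER bytes of the certificate as delivered in the file


def der_outer_length(blob: bytes) -> Optional[int]:
    """Return the total encoded length of a top-level DER SEQUENCE, or None if malformed."""
    if len(blob) < 2 or blob[0] != 0x30:          # 0x30 = SEQUENCE tag
        return None
    first = blob[1]
    if first < 0x80:                               # short-form length
        return 2 + first
    n = first & 0x7F                               # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def parse_line(line: str) -> CertRecord:
    """Parse one 'email|base64-DER|GENERATED' line; raise ValueError on any defect."""
    parts = line.rstrip("\r\n").split("|")
    if len(parts) != 3 or parts[2] != "GENERATED":
        raise ValueError("unexpected field layout")
    email, b64, _ = parts
    if not EMAIL_RE.match(email):
        raise ValueError(f"bad email {email!r}")
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"base64 decode failed: {exc}") from None
    if der_outer_length(der) != len(der):
        raise ValueError("DER blob is not a single well-formed SEQUENCE (truncated or padded)")
    return CertRecord(email, der)


def parse_file(text: str) -> Tuple[List[CertRecord], List[Tuple[int, str]]]:
    """Return (good records, [(line number, reason) for every rejected line])."""
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            records.append(parse_line(line))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return records, errors


def dn_escape(value: str) -> str:
    """Escape RFC 4514 special characters in an RDN value."""
    return re.sub(r'([,+"\\<>;=#])', r"\\\1", value)


def fold(line: str, width: int = 76) -> str:
    """Fold a long LDIF line using the RFC 2849 continuation convention (leading space)."""
    out = [line[:width]]
    for i in range(width, len(line), width - 1):
        out.append(" " + line[i:i + width - 1])
    return "\n".join(out)


def to_ldif(record: CertRecord, ou: str = CONTACT_OU) -> str:
    """Render one AD contact entry; '::' marks a base64-encoded attribute value."""
    b64 = base64.b64encode(record.der).decode("ascii")
    lines = [
        f"dn: CN={dn_escape(record.email)},{ou}",
        "changetype: add",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: contact",
        f"cn: {record.email}",
        f"mail: {record.email}",
        fold(f"userCertificate:: {b64}"),
    ]
    return "\n".join(lines) + "\n"


# Constructed sample input: a toy DER SEQUENCE stands in for a real certificate,
# followed by a truncated blob and a line with the wrong number of fields.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_FILE = (
    f"alice.smith@example.com|{base64.b64encode(SAMPLE_DER).decode()}|GENERATED\n"
    "bob.jones@example.com|MAYCAQEC|GENERATED\n"
    "carol.white@example.com|MAYCAQECAQI=\n"
)

if __name__ == "__main__":
    good, bad = parse_file(SAMPLE_FILE)
    for lineno, reason in bad:
        print(f"# line {lineno} rejected: {reason}")
    for rec in good:
        print(to_ldif(rec))
```

Running the script prints the rejected lines as comments and the LDIF entries for the good ones; the LDIF output can be reviewed and then imported with `ldifde -i -f contacts.ldif` against the domain controller (the `ldifde` invocation is an assumption about the tooling, not something the question states).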