Symantec Encryption Product Community

 View Only
  • 1.  ADK, WDE Admin & internal users' keys appear as not verified and not trusted on Symantec Encryption Desktop keyring.

    Posted Jun 17, 2014 01:55 AM
    1.  The keyring of internal users shows ADK & WDE admin keys as not verified & not trusted, How can these keys appear as trusted & verified automatically?
    2.  When an internal user key is imported, the key should appear as trusted, signed & verified automatically.. How to achieve this??
    • Symantec Encryption Server version: 3.3.2 MP1 (Build 15337)
    • Desktop Version: 10.3.2 MP1 (Build 15337)

     



  • 2.  RE: ADK, WDE Admin & internal users' keys appear as not verified and not trusted on Symantec Encryption Desktop keyring.

    Posted Jun 17, 2014 09:35 AM

    I think you need to verify it and trust it BEFORE importing it into the Universal Server.



  • 3.  RE: ADK, WDE Admin & internal users' keys appear as not verified and not trusted on Symantec Encryption Desktop keyring.

    Broadcom Employee
    Posted Jun 18, 2014 06:00 AM

    Hi, Mehmood

    Regarding ADK do you know if the key was created with unbound client and upload to Universal ?

    Did you try to create an ADK with managed client.

    This issue usually happen when the ADK is not signed by organization key and thus not marked as
    verified.

    In certain situations when ADK is in CKM mode and client is bind to UN with key mode as SCKM or CKM then ADK client can remain 'unverified'

     



     



  • 4.  RE: ADK, WDE Admin & internal users' keys appear as not verified and not trusted on Symantec Encryption Desktop keyring.

    Posted Jun 18, 2014 06:07 AM

    Adam,

    Is this tech note now out of date?  It states that you must create the ADK with an unmanaged client

    http://www.symantec.com/docs/TECH149215



  • 5.  RE: ADK, WDE Admin & internal users' keys appear as not verified and not trusted on Symantec Encryption Desktop keyring.

    Broadcom Employee
    Posted Jun 18, 2014 06:32 AM

    Hi Alex,

    Yes that is right. You must create an ADK with unmanaged client as per KB.

    Apoogise .. It was my typo as it should be unmanaged client as oposite to managed client where you can genereate a key and upload a key to PGP UN under AD section but ADK won't work.

     



  • 6.  RE: ADK, WDE Admin & internal users' keys appear as not verified and not trusted on Symantec Encryption Desktop keyring.

    Posted Jun 18, 2014 07:26 AM

    Thnak  you Adam & Alex,

    I had generated the ADK & WDE admin keys on a managed client.

    I followed this doc: http://www.symantec.com/business/support/index?page=content&id=TECH149500.

    Neither the ADK-Guidelines nor the Admin guide state the usage of unmanaged client to generate ADK

    Is there any way that e can mark these keys as verified now?

    What are the effects of continuing with these keys marked as unverified?