This article presents an overview of the tasks required to change the domain name of an out-of-the-box PGP Encryption Server.
Some environments might not require all of these because they don't use all features, while deployments might have particular configurations that require a deeper analysis.
Please carefully review the entire procedure before modifying a production environment.
Organization
It is especially important to not change the organization keypair when doing this. Be sure to backup your org key before doing anything and have a backup of the PGP Encryption Server.
If the Org key is re-generated, this can cause problems with key signatures and backups. All user keys will have unverified signatures until they are renewed with this new Organization Key. Organization Certificates and Ignition keys are also removed as part of regenerating your Organization Keypair. As mentioned, before proceeding, back up the PGP Encryption Server and the current Organization Key. Organization Certificate is required only in case of S/MIME encryption.
Managed Domains
Add the new domain to the list of managed domains.
Navigate to Organization > Managed Domain and click Add Managed Domain. Type the new domain name and click Save.
Services - Web messenger
This is usually updated automatically after changing the hostname of the server on the network tab. Only Public URL needs to be changed.
Keyserver
This should also be changed when changing the hostname of the server. Verify the changes and if the value is not correct, update the keyserver service to use the correct FQDN.
Navigate to Services > Keyserver and click Edit. Change the Public URL from ldap://keys.domain.com to ldap://keys.newdomain.com and click Save.
Certificate Revocation
Verify the URL’s are correct.
System - Clustering
For clustering, in each server of the cluster, check the database table for cluster_member. This is found by running the following Postgresql query via ssh:
psql oviddb ovidr -x -c "select * from cluster_member;"
Please contact the Enterprise Support for assistance if an update will be required.
For help with accessing the server via SSH, see the following article:
153592 - Access the PGP Encryption Server by using SSH
Accessing the PGP Encryption Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported.
However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.
Any changes made to the PGP Encryption Server via the command line must be:
When in doubt, reach out to Symantec Encryption Support, for further guidance.
Changes made through the command line may not persist through reboots and may be incompatible with future releases.
Symantec Technical Support may also require reverting any custom configurations on the PGP Encryption Server back to a default state when troubleshooting new issues.