Changing the domain of Encryption Management Server
Last Updated March 17, 2017
The domain of Encryption Management Server needs changing.
This article presents an overview of the tasks required to change the domain name of an out-of-the-box Encryption Management Server. Some environments might not require all of these because they don't use all features, while deployments might have particular configurations that require a deeper analysis.
Please carefully review the entire procedure before modifying a production environment.
Changing an Encryption Management Server hostname involves regenerating the Organization Keypair. This can cause problems with key signatures and backups. All user keys will have unverified signatures until they are renewed with this new Organization Key. Organization Certificates and Ignition keys are also removed as part of regenerating your Organization Keypair. Before proceeding, back up the Encryption Management Server and the current Organization Key. Organization Certificate is required only in case of S/MIME encryption.
Add the new domain to the list of managed domains.
Navigate to Organization > Managed Domain and click Add Managed Domain. Type the new domain name and click Save.
Proxies – Edit the Mail Proxies if the FQDN on Mail server changes.
Mail Routes – New Domain is required for the Web Messenger Feature.
Services - Web messenger
This is usually updated automatically after changing the hostname of the server on the network tab. Only Public URL needs to be changed.
This should also be changed when changing the hostname of the server. Verify the changes and if the value is not correct, update the keyserver service to use the correct FQDN.
Navigate to Services > Keyserver and click Edit. Change the Public URL from ldap://keys.domain.com to ldap://keys.newdomain.com and click Save.
Verify the URL’s are correct.
System - Clustering
For clustering, in each server of the cluster, check the database table for cluster_member. This is found by running the following Postgresql query via ssh:
psql oviddb ovidr -x -c "select * from cluster_member;"
Please contact the Enterprise Support for assistance if an update will be required.
Using SSH access use the following (for help with accessing the server via SSH, see the following Knowledge Base article).
Accessing the Encryption Management Server command line for read-only purposes (such as to view settings, services, logs, processes, disk space, query the database, etc) is supported. However, performing configuration modifications or customizations via the command line may void your Symantec Support agreement unless the following procedures are followed.
Any changes made to the Encryption Management Server via the command line must be:
Authorized in writing by Symantec Support.
Implemented by a Symantec Partner, reseller or Symantec Technical Support.
Summarized and documented in a text file in /var/lib/ovid/customization on the Encryption Management Server itself.
Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on the Encryption Management Server back to a default state when troubleshooting new issues.
Imported Document ID: TECH178120
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe