What is a Lotus Notes Certificate?
A certificate in Lotus Notes is a digital signature that identifies a user or server. A user ID can hold more than one Internet certificate; these identify the user when connecting to an Internet server over SSL.
What is a Certifier ID in Lotus Notes?
A certifier ID is created to place servers and users correctly within the hierarchical naming scheme of an organization. It is stored as cert.id in a Domino directory.
Certifier ID and Certificates are important for IBM Lotus Domino security.
1. Organization Certifier ID
When the first server is set up, the server setup program creates the organization certifier ID file in the Domino server's directory and names it Cert.id. During setup, the organization certifier ID automatically certifies the first Domino server's server ID and the administrator's user ID.
2. Organizational unit Certifier ID
During server setup, you can also create a first-level organizational unit certifier ID, so that the server ID and the administrator's user ID are certified with the organizational unit certifier. This lets you decentralize certification by giving a certifier ID to the administrators who manage users and servers.
By default, the server stores the certifier ID file in the Domino data directory. When you set up either an organization certifier ID or an organizational unit certifier ID in Domino Administrator, you can specify where you want to store the ID file. For more security, you can store the certifier IDs in a safe place.
Both flat certificates and Internet certificates can be deleted from a Lotus Notes user ID. When certificates are deleted, Lotus Notes keeps all the keys used to decrypt data that was encrypted with those certificates.
Procedure to delete certificates from Lotus Notes:
Notes certificates are valid only for a limited period, and you need to renew them before they expire. If a certificate is not renewed before its expiration date, it becomes invalid, which means you will not be able to log in to the Lotus Notes server. At that point, the user needs to contact the administrator.
Renewing a certificate means changing its expiration date; the public and private keys remain the same after renewal. Because the private keys do not change, the administrator can renew certificates without the user's involvement. If that doesn't happen, you will receive a prompt showing that certificates are about to expire.
To find the expiration date of a Notes certificate, follow the steps below.
They apply to both Lotus Notes flat certificates and Internet certificates.
In User Security, click Your Identity, go to Your Certificates, choose the certificate you want to view, and refer to the Expires value given for the certificate.
The server administrator can keep track of the certificate requests that were sent to the CA. The request document records the method used to submit the certificate, the date and time of the request, the key ring file used for the certificate, all information about the certificate, and the email addresses to which the administrator sent the request.
Only the Lotus Domino administrator can change an ID password, whether for a user ID, certifier ID or server ID. These IDs can be examined in the Administrator panel window.
Error 1: ‘Cannot accept internet certificate because the Certificate Authority certificate is unavailable’
When does it occur?
This occurs when you have user certificates that you want your users to install into their user ID files so that they can use S/MIME for email. The certificate is exported from a web browser, but when the user imports it, the following error occurs:
“Cannot accept internet certificate because the Certificate Authority certificate is unavailable”
This error occurs if you do not select the “include all certificates” option while exporting the certificate from the browser.
Follow the steps given below to avoid this error:
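The missing-CA condition behind Error 1 can be detected before an exported file reaches users. The following is an added example, not part of the original article: it assumes the browser export is a PKCS#12 (.p12/.pfx) file and that the openssl command-line tool is installed; the function names, file names, password and sample CA/user subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether an exported certificate file carries its issuing
# CA certificate before users import it into their Notes user ID.
# Assumption: the browser export is a PKCS#12 (.p12/.pfx) file; needs openssl.

# Print the number of CA certificates (certificates other than the key
# holder's own) in PKCS#12 file $1, which is protected by password $2.
p12_ca_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -cacerts 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true   # grep -c exits 1 on a zero count
}

# Print a verdict for file $1 / password $2 and return 0 = chain included,
# 1 = CA certificate missing (the Error 1 condition), 2 = cannot be read.
check_export() {
    if ! openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null; then
        echo "unreadable"; return 2
    fi
    if [ "$(p12_ca_count "$1" "$2")" -ge 1 ]; then
        echo "chain-included"
    else
        echo "ca-missing"; return 1
    fi
}

# Build constructed sample exports in directory $1: a throwaway CA, one user
# certificate, and two exports of it (without and with the CA certificate).
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Test User" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/user.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.crt" \
        -passout pass:constructed -out "$d/user-only.p12"
    openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.crt" \
        -certfile "$d/ca.crt" -passout pass:constructed -out "$d/with-chain.p12"
}

# Usage: sh check_export.sh FILE PASSWORD
if [ $# -eq 2 ]; then check_export "$1" "$2"; fi
```

Under OpenSSL 3, exports written with older algorithms may need the -legacy option and are otherwise reported as unreadable. A password passed as an argument is visible in the local process list, so run the check on an administrator workstation.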
When does it occur?
In IBM Domino Admin, you rename the common name of users and then go to the Administration Requests database (Admin4.nsf) to accept the requests that start the renaming process. After that, when you issue the “tell adminp process all” command on the server console, you receive the following error message:
“The signature on the certificate was found to be invalid”
How to resolve this error?
To complete the renaming process without error, remove all rename requests from the Admin4.nsf database file, then first recertify the user and afterwards rename the user. If the error is still shown after that, the certifier to which the user was moved is corrupted.
This article has covered most of the information about Lotus Domino server certificates and the ID file called the certifier ID. Certificates in Lotus Notes provide more security for users' accounts. It has also covered the challenges that come up while setting up certificates on the Domino server and the methods to solve them.