Lotus Notes Certifier ID - Location, Set Password, Renewal & Errors

Lotus Notes Certifier ID and Certificates


What is Lotus Notes Certificate?

A certificate in Lotus Notes is a digital signature that identifies a user or server. A user ID can hold more than one Internet certificate; these identify the user when SSL is used to connect to an Internet server.

What is Certifier ID in Lotus Notes?

A certifier ID is created to place servers and users correctly within an organization's hierarchy scheme. It is stored as cert.id in a Domino directory.

Certifier ID and Certificates are important for IBM Lotus Domino security.

Location of Lotus Notes Certifier ID file


Default Location of Lotus Notes cert.id file: C:\Program Files\IBM\Domino\Data\cert.id


What does Lotus Notes Certificate contain?


  • Certifier name that issued the certificate.
  • The name of the user or server to whom the certificate was issued.
  • The Public key which is stored in both IBM Domino directory and ID file.
  • A digital certificate.
  • The expiry date of the certificate.

What are the types of Certifier ID?


1. Organization Certifier ID

When the server is set up for the first time, the server setup program creates the organization certifier ID file in the Domino server's directory and names it Cert.id. During setup, the organization certifier ID automatically certifies the first Domino server ID and the administrator's user ID.

2. Organizational unit Certifier ID

During server setup you can also create a first-level organizational unit certifier ID, so that the server ID and the administrator's user ID are certified by the organizational unit certifier. This lets you decentralize certification by giving certifier IDs to the administrators who manage users and servers.

How to Secure Certificates in Lotus Notes?


By default, the server stores the certifier ID file in the Domino data directory. When Domino Administrator setup asks you to choose either the organization certifier ID or the organizational unit certifier ID, you can specify where you want to store the ID file. For more security, you can store the certifiers in a safe place.
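To see why the default location deserves a second look, the following PowerShell check lists every account that is allowed to open cert.id where it currently sits. It is an added example, not part of the original article; the function name `Get-CertifierIdExposure` is hypothetical, and the expected set of accounts (SYSTEM and the local Administrators group) is an assumption to adjust for your environment.

```powershell
# Added example, not part of the original article.
function Get-CertifierIdExposure {
    [CmdletBinding()]
    param(
        # Default location given in the article.
        [string]$IdFile = 'C:\Program Files\IBM\Domino\Data\cert.id',
        # Assumption: only SYSTEM and BUILTIN\Administrators should have access.
        [string[]]$ExpectedSids = @('S-1-5-18', 'S-1-5-32-544')
    )

    if (-not (Test-Path -LiteralPath $IdFile -PathType Leaf)) {
        Write-Verbose "No certifier ID found at $IdFile"
        return
    }

    foreach ($rule in (Get-Acl -LiteralPath $IdFile).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }

        # Resolve the account to a SID so the comparison does not
        # depend on localized or renamed account names.
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $null   # unresolvable account: report it below
        }
        if ($sid -and ($ExpectedSids -contains $sid)) { continue }

        # Anything reaching this point is an unexpected Allow entry.
        [pscustomobject]@{
            File      = $IdFile
            Identity  = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

Get-CertifierIdExposure | Format-Table -AutoSize
```

Each row returned is an account outside the expected set that can access the certifier ID file; rows marked as inherited come from the permissions of the parent folder rather than from the file itself.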

How to delete certificates from user.id File?


Both flat certificates and Internet certificates can be deleted from a Lotus Notes user ID. When certificates are deleted, Lotus Notes keeps all the keys needed to decrypt data that was encrypted with those certificates.

Procedure to delete certificates from Lotus Notes:

  1. Go to File > Security > User Security
  2. Click Your Identity > Your Certificates
  3. Choose All certificates in the drop-down list
  4. Select the certificate you want to delete, then click Other Actions > Delete from ID File

How to Renew Lotus Notes Certificates before Expiration?


Notes certificates are valid only for a limited period of time, and you need to renew them before they expire. If a certificate is not renewed before its expiration date, it becomes invalid, which means you will not be able to log in to the Lotus Notes server. At that point, the user will need to contact the administrator.

Renewing a certificate changes its expiration date; the public and private keys remain the same after renewal. Because the private keys do not change, the administrator can renew the certificates without the user's involvement. If that doesn't happen, you will receive a prompt showing that your certificates are about to expire.

To find the expiration date of a Notes certificate, follow these steps:

  • Select File > Security > User Security
  • Click on Security Basics.
  • Click Who you are and refer to ID File Expiration date.

To find the expiry date of Lotus Notes flat certificates and Internet certificates:
In User Security, click Your Identity, go to Your Certificates, choose the certificate you want to view, and refer to the Expires value given for that certificate.

How to View Requests for a Certificate?


The server administrator can keep track of the certificate requests that were sent to the CA. Each request document records the method used to submit the certificate, the date and time of the request, the key ring file used for the certificate, all the information about the certificate, and even the email addresses to which the administrator sent the request.

  1. On Lotus Notes Client, open server certificate admin application.
  2. Hit “view certificate request log”
  3. Open the request document.

How to change the password of certifier id?


Only the Lotus Domino administrator can change an ID password, whether for a User ID, Certifier ID or Server ID. These IDs can be examined in the Administrator panel window.

  1. From the Configuration tab, click Certification under Tools.
  2. Click ID Properties.
  3. Select the ID file you want to examine; you will be prompted for the existing password.
  4. All information about that certifier is shown in a dialog box. Go to the Basics tab and click the “Set Password” option.
  5. After all changes are made, click Done.

Errors That Occur with Lotus Notes Certificates


Error 1: ‘Cannot accept internet certificate because the Certificate Authority certificate is unavailable’

When does it occur?

This error occurs when you have user certificates that you want your users to install into their user ID files so that they can use S/MIME for email. The certificate is exported from a web browser, but when the user imports it, the following error occurs:
“Cannot accept internet certificate because the Certificate Authority certificate is unavailable”

This error occurs if you do not select the option to “include all certificates” while exporting the certificate from the browser.

Follow the steps below to avoid this error:

  1. In Windows, click Start > Settings > Control Panel, open Internet Options, go to the Content tab and click the Certificates button.
  2. On the Personal tab, click the certificate that needs to be exported.
  3. Click the Export button.
  4. Click Next to continue into the Certificate Export Wizard.
  5. Click Yes, export the private key
  6. Select Personal Information Exchange
  7. Choose “Include all certificates...”. Select this so that the error will not occur.
  8. Click “Enable strong protection” and click Next.
  9. Apply a password.
  10. Give the file location and the name of the file.
  11. Click Next and Finish to complete the export.
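The export can be checked before the file is handed to the Notes user. The following PowerShell function is an added example, not part of the original article: it reads the exported file with `Get-PfxData` (Windows PKI module) and reports, for each user certificate, whether the issuing CA certificate was bundled and when the certificate expires. The function name `Test-PfxIncludesIssuer` and the path in the usage comment are hypothetical.

```powershell
# Added example, not part of the original article.
function Test-PfxIncludesIssuer {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password
    )

    # Get-PfxData only reads the file; nothing is imported into a
    # certificate store and the private key is not installed.
    $pfx = Get-PfxData -FilePath $Path -Password $Password

    # Compare DER-encoded names rather than display strings so that
    # formatting differences cannot hide or fake a match.
    $bundled = @(foreach ($ca in $pfx.OtherCertificates) {
        [Convert]::ToBase64String($ca.SubjectName.RawData)
    })

    foreach ($leaf in $pfx.EndEntityCertificates) {
        $subjectKey = [Convert]::ToBase64String($leaf.SubjectName.RawData)
        $issuerKey  = [Convert]::ToBase64String($leaf.IssuerName.RawData)

        # A self-signed certificate is its own issuer, so no separate
        # CA certificate is needed in the file.
        $selfSigned = $subjectKey -eq $issuerKey

        [pscustomobject]@{
            Subject      = $leaf.Subject
            Issuer       = $leaf.Issuer
            NotAfter     = $leaf.NotAfter
            IssuerInFile = $selfSigned -or ($bundled -contains $issuerKey)
        }
    }
}

# Usage (the path is a placeholder):
# Test-PfxIncludesIssuer -Path 'C:\Temp\user-smime.pfx' `
#     -Password (Read-Host -AsSecureString 'PFX password')
```

A result with `IssuerInFile` set to `False` means the file was exported without the issuing CA certificate, which is the condition the error message describes.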

Error 2: ‘The signature on the certificate was found to be invalid’

When does it occur?

This error occurs in IBM Domino Administrator when you rename the common name of users, go to the Administration Requests database (Admin4.nsf) to accept the requests that start the renaming process, and then issue the “tell adminp process all” command on the server console, only to receive the following error message:
“The signature on the certificate was found to be invalid”

How to resolve this error?

To complete the renaming process without error, remove all renaming requests from the Admin4.nsf database, then first recertify the user and afterwards rename the user. If the error still appears after that, it means the certifier to which the users were moved is corrupted.

Conclusion:

In this article we have discussed most of the information about Lotus Domino server certificates and the ID file called the certifier ID. Certificates in Lotus Notes provide more security for users' accounts. We have also discussed the challenges that come up while setting up certificates on the Domino server and provided methods to solve these issues.

A Tip for Notes users:

Sometimes a small complication necessitates moving to an alternative platform. Online research says that MS Outlook is the most preferred choice for users leaving IBM Notes. That move requires data file compatibility, which can be achieved with an NSF to PST conversion tool. It will cost you a bit but can solve multiple problems.