Solved

Cross certification of a domain with a single server outside that domain

Posted on 2004-04-22
10
1,128 Views
Last Modified: 2013-11-16
We have installed a new 6.5 server and are now trying to get access for the users. For a whole lot of reasons, the server has a separate domain. We had it working on an old 5.01 server but the hardware is failing and we need to go to 6.5 anyway. So we set up a new server.

We had the users accessing the old server without cross certifying the users seperately.

The users are organised as: name/dept/company
The server is dept2/company2

What we want is to cross certify the users to give them access to the server.
The more I read about this, the more I get confused.

What is the step by step process to cross certify the */dept/company on our new server?
I do not remember ever using a safe id of the dept/company  cert.id to cross certify.
I thought we used a subset of an user id file, but that seems not right.

Sorry for the rambling post, but it does need a little detail I think.


0
Comment
Question by:Lykle
10 Comments
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 10887647
I assume you will be accessing your old domain from your new domain for read only purposes. Do this:

-> Login to the old server as admin
-> Open the old server's address book (global)
-> Go to certificates view
-> Click the Add certifier action button
-> Fill in the details
-> Choose your NEW server's cert.id file as the source and OLD server's id as to be certified

You will need to have the ceritifier passwords. Also reboot your server (I am not sure as to it is required or not).
0
 

Author Comment

by:Lykle
ID: 10887752
Hmm, no not really.

The users have a main id, they use this for all the apps on the dept/Company network.

But this specific server has a different cert.id
But the users still need to access the server as if it is in their domain.
So users with name/dept/company need to fully access the server dept2/company2
I can't seem to figure out, what needs te be corss certified with what.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887936
You can cross certify your 2 organizations, use the Domino Administrator to do that (configuration tab, tools/certification/cross certify)

Create a safe id for the 2 cert.id's , and then cross certify one with the other (in both directions).

You can also open the admin client on the server1, and access server 2 -> you will be prompted if you want to accept the certificate, and which certificate (the root or the server).  Do this for server 2 -> server 1 too, and the result is the same.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887953
The reason to create safe.id's and not use the cert.id is that you can safely mail the safe.id around (for instance to another company, if you want to cross certify 2 servers and use Notes RPC between each other), or work with it, it won't affect your cert.id.  
Although I think it's possible to really use both the cert.id files to do the cross certification, I wouldn't recommend it, and I would definitely take the safe route, that is create the safe id's.

cheers,

Tom
0
 

Author Comment

by:Lykle
ID: 10888210
Thanks Bozzie4,
I agree that that is the normal way to do it, using safe.ids.
The strange this is, that I am very sure that we did not use cert.id or a safe id of the dept/company domain. That is one of the reasons we have a separate domain, the company IT admins do not want "wild" servers on their network.

But it has been done, so you are probably right.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 31

Expert Comment

by:qwaletee
ID: 10889957
There is an easier way, if the 6.5 server has not gone to production yet.  Transition all the files from the 5 box to the 6 box, switch Ip addresses and server IDs, and you are done.  The existing x-cert will apply.
0
 

Author Comment

by:Lykle
ID: 10890095
That's what we tried.
I still can't figure out why that didn't work.
Next option is to put all data on the new server and upgrade the server with all the various upgrades.

Ahwell. I think we have been bouncing it around enough now.
So, who do I give it to?

I think Bozzie
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 125 total points
ID: 10890143
Well, you can cross certify between every id that's available (user.id - server.id, user.id - cert.id, server.id - cert.id , ...) , and it's not always necessary to create a safe id (like the example of cross certifying the servers shows).

If you can, follow Qwaletees advice, of keeping your configuration using the same id's - that's a lot simpeler.

cheers,

Tom
0
 
LVL 13

Expert Comment

by:CRAK
ID: 10893367
And we have a 1st entry in Top-15!
Congrats buddy!
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10896577
The first and already no longer the only one ...  I once ranked number 1 anyway :-)

Tom
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now