Cross certification of a domain with a single server outside that domain

Posted on 2004-04-22
Last Modified: 2013-11-16
We have installed a new 6.5 server and are now trying to get access for the users. For a whole lot of reasons, the server has a separate domain. We had it working on an old 5.01 server but the hardware is failing and we need to go to 6.5 anyway. So we set up a new server.

We had the users accessing the old server without cross certifying the users separately.

The users are organised as: name/dept/company
The server is dept2/company2

What we want is to cross certify the users to give them access to the server.
The more I read about this, the more I get confused.

What is the step by step process to cross certify the */dept/company on our new server?
I do not remember ever using a safe id of the dept/company  cert.id to cross certify.
I thought we used a subset of a user id file, but that seems not right.

Sorry for the rambling post, but it does need a little detail I think.


Question by:Lykle
10 Comments
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 10887647
I assume you will be accessing your old domain from your new domain for read only purposes. Do this:

-> Login to the old server as admin
-> Open the old server's address book (global)
-> Go to certificates view
-> Click the Add certifier action button
-> Fill in the details
-> Choose your NEW server's cert.id file as the source and OLD server's id as to be certified

You will need to have the certifier passwords. Also reboot your server (I am not sure whether it is required or not).
0
 

Author Comment

by:Lykle
ID: 10887752
Hmm, no not really.

The users have a main id, they use this for all the apps on the dept/Company network.

But this specific server has a different cert.id
But the users still need to access the server as if it is in their domain.
So users with name/dept/company need to fully access the server dept2/company2
I can't seem to figure out what needs to be cross certified with what.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887936
You can cross certify your 2 organizations, use the Domino Administrator to do that (configuration tab, tools/certification/cross certify)

Create a safe id for the 2 cert.id's , and then cross certify one with the other (in both directions).

You can also open the admin client on the server1, and access server 2 -> you will be prompted if you want to accept the certificate, and which certificate (the root or the server).  Do this for server 2 -> server 1 too, and the result is the same.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887953
The reason to create safe.id's and not use the cert.id is that you can safely mail the safe.id around (for instance to another company, if you want to cross certify 2 servers and use Notes RPC between each other), or work with it, it won't affect your cert.id.  
Although I think it's possible to really use both the cert.id files to do the cross certification, I wouldn't recommend it, and I would definitely take the safe route, that is create the safe id's.

cheers,

Tom
0
 

Author Comment

by:Lykle
ID: 10888210
Thanks Bozzie4,
I agree that that is the normal way to do it, using safe.ids.
The strange thing is that I am very sure that we did not use cert.id or a safe id of the dept/company domain. That is one of the reasons we have a separate domain, the company IT admins do not want "wild" servers on their network.

But it has been done, so you are probably right.
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10889957
There is an easier way, if the 6.5 server has not gone to production yet.  Transition all the files from the 5 box to the 6 box, switch Ip addresses and server IDs, and you are done.  The existing x-cert will apply.
0
 

Author Comment

by:Lykle
ID: 10890095
That's what we tried.
I still can't figure out why that didn't work.
Next option is to put all data on the new server and upgrade the server with all the various upgrades.

Ah well. I think we have been bouncing it around enough now.
So, who do I give it to?

I think Bozzie
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 375 total points
ID: 10890143
Well, you can cross certify between every id that's available (user.id - server.id, user.id - cert.id, server.id - cert.id , ...) , and it's not always necessary to create a safe id (like the example of cross certifying the servers shows).

If you can, follow Qwaletee's advice of keeping your configuration using the same id's - that's a lot simpler.

cheers,

Tom
0
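The matching rule behind "what needs to be cross certified with what", as an added Python sketch that is not part of the thread and not Domino code: it is a simplified model in which each side must hold a cross certificate issued by itself or one of its ancestor certifiers to the other party or one of its ancestors. The function names and the server name `srv/dept2/company2` are assumptions made for illustration; the other names follow the question.

```python
# Simplified model of Notes/Domino cross-certificate matching (added example).
# Names use the abbreviated hierarchical form from the thread: name/dept/company.

def ancestors(name):
    """Return the name plus every certifier above it, most specific first.
    "name/dept/company" -> ["name/dept/company", "dept/company", "company"]"""
    parts = [p.strip().lower() for p in name.split("/")]
    return ["/".join(parts[i:]) for i in range(len(parts))]

def trusts(holder, other, cross_certs):
    """True if holder's store has a cross certificate issued by holder (or an
    ancestor of holder) to other (or an ancestor of other)."""
    issuers, subjects = set(ancestors(holder)), set(ancestors(other))
    return any(i.lower() in issuers and s.lower() in subjects
               for i, s in cross_certs)

def can_authenticate(user, server, user_side, server_side):
    """user_side: (issuer, subject) pairs in the user's personal address book.
    server_side: (issuer, subject) pairs in the server's directory."""
    if ancestors(user)[-1] == ancestors(server)[-1]:
        return True  # same organization certifier, no cross certificate needed
    return trusts(user, server, user_side) and trusts(server, user, server_side)

# Constructed sample data; srv/dept2/company2 is a hypothetical server name.
USER = "name/dept/company"
SERVER = "srv/dept2/company2"

# Certifier-to-certifier in both directions: covers every */dept/company user.
OU_TO_OU_USER = [("dept/company", "dept2/company2")]
OU_TO_OU_SERVER = [("dept2/company2", "dept/company")]

# Asymmetric but still valid: the user trusts just this one server,
# while the server trusts the whole "company" organization.
NARROW_USER = [("name/dept/company", "srv/dept2/company2")]
BROAD_SERVER = [("company2", "company")]

if __name__ == "__main__":
    print(can_authenticate(USER, SERVER, OU_TO_OU_USER, OU_TO_OU_SERVER))
    print(can_authenticate(USER, SERVER, [], OU_TO_OU_SERVER))
    print(can_authenticate(USER, SERVER, NARROW_USER, BROAD_SERVER))
    print(can_authenticate("bob/other/company", SERVER,
                           [("company", "company2")], OU_TO_OU_SERVER))
```

The last call returns False because the server-side certificate is scoped to dept/company, so a user from another unit of the same company is not covered; the narrower the subject of the cross certificate, the smaller the set of foreign IDs the server will authenticate.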
 
LVL 13

Expert Comment

by:CRAK
ID: 10893367
And we have a 1st entry in Top-15!
Congrats buddy!
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10896577
The first and already no longer the only one ...  I once ranked number 1 anyway :-)

Tom
0

Question has a verified solution.
