Solved

Cross certification of a domain with a single server outside that domain

Posted on 2004-04-22
Last Modified: 2013-11-16
We have installed a new 6.5 server and are now trying to get access for the users. For a whole lot of reasons, the server has a separate domain. We had it working on an old 5.01 server but the hardware is failing and we need to go to 6.5 anyway. So we set up a new server.

We had the users accessing the old server without cross certifying the users separately.

The users are organised as: name/dept/company
The server is dept2/company2

What we want is to cross certify the users to give them access to the server.
The more I read about this, the more I get confused.

What is the step by step process to cross certify the */dept/company on our new server?
I do not remember ever using a safe id of the dept/company cert.id to cross certify.
I thought we used a subset of a user id file, but that seems not right.

Sorry for the rambling post, but it does need a little detail I think.


0
Question by:Lykle
10 Comments
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 10887647
I assume you will be accessing your old domain from your new domain for read only purposes. Do this:

-> Login to the old server as admin
-> Open the old server's address book (global)
-> Go to certificates view
-> Click the Add certifier action button
-> Fill in the details
-> Choose your NEW server's cert.id file as the source and OLD server's id as to be certified

You will need to have the certifier passwords. Also reboot your server (I am not sure whether it is required or not).
0
 

Author Comment

by:Lykle
ID: 10887752
Hmm, no not really.

The users have a main id, they use this for all the apps on the dept/Company network.

But this specific server has a different cert.id
But the users still need to access the server as if it is in their domain.
So users with name/dept/company need to fully access the server dept2/company2
I can't seem to figure out what needs to be cross certified with what.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887936
You can cross certify your 2 organizations, use the Domino Administrator to do that (configuration tab, tools/certification/cross certify)

Create a safe id for the 2 cert.id's, and then cross certify one with the other (in both directions).

You can also open the admin client on the server1, and access server 2 -> you will be prompted if you want to accept the certificate, and which certificate (the root or the server).  Do this for server 2 -> server 1 too, and the result is the same.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887953
The reason to create safe.id's and not use the cert.id is that you can safely mail the safe.id around (for instance to another company, if you want to cross certify 2 servers and use Notes RPC between each other), or work with it, it won't affect your cert.id.  
Although I think it's possible to really use both the cert.id files to do the cross certification, I wouldn't recommend it, and I would definitely take the safe route, that is create the safe id's.

cheers,

Tom
0
 

Author Comment

by:Lykle
ID: 10888210
Thanks Bozzie4,
I agree that that is the normal way to do it, using safe.ids.
The strange thing is that I am very sure that we did not use cert.id or a safe id of the dept/company domain. That is one of the reasons we have a separate domain, the company IT admins do not want "wild" servers on their network.

But it has been done, so you are probably right.
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10889957
There is an easier way, if the 6.5 server has not gone to production yet.  Transition all the files from the 5 box to the 6 box, switch Ip addresses and server IDs, and you are done.  The existing x-cert will apply.
0
 

Author Comment

by:Lykle
ID: 10890095
That's what we tried.
I still can't figure out why that didn't work.
Next option is to put all data on the new server and upgrade the server with all the various upgrades.

Ah well. I think we have been bouncing it around enough now.
So, who do I give it to?

I think Bozzie
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 375 total points
ID: 10890143
Well, you can cross certify between every id that's available (user.id - server.id, user.id - cert.id, server.id - cert.id, ...), and it's not always necessary to create a safe id (like the example of cross certifying the servers shows).

If you can, follow Qwaletee's advice of keeping your configuration using the same id's - that's a lot simpler.

cheers,

Tom
0
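The question of what needs to be cross certified with what, and how widely each choice opens the server, can be worked through with a simplified model of the hierarchical trust rule. This is an added example, not part of the thread and not Domino code: it assumes a cross certificate is an (issuer, subject) pair, that authentication needs trust in both directions, and it ignores where each certificate is stored. The names `alice`, `bob`, `sales` and `srv1` are constructed.

```python
# Added illustration: simplified model of Notes/Domino cross-certificate trust.
# All ID names below are constructed; this is not Domino code.

def ancestors(name):
    """'alice/dept/company' -> ['alice/dept/company', 'dept/company', 'company']"""
    parts = name.split("/")
    return ["/".join(parts[i:]) for i in range(len(parts))]

def trusts(holder, peer, cross_certs):
    """True if holder shares an organization certifier with peer, or if holder
    (or a certifier above it) issued a cross certificate for peer or for a
    certifier above peer."""
    if ancestors(holder)[-1] == ancestors(peer)[-1]:
        return True
    issuers, subjects = set(ancestors(holder)), set(ancestors(peer))
    return any(i in issuers and s in subjects for i, s in cross_certs)

def can_authenticate(a, b, cross_certs):
    """Authentication needs trust in both directions."""
    return trusts(a, b, cross_certs) and trusts(b, a, cross_certs)

def who_gets_in(server, ids, cross_certs):
    """Return the IDs from `ids` that can authenticate with `server`."""
    return [i for i in ids if can_authenticate(i, server, cross_certs)]

SERVER = "srv1/dept2/company2"
IDS = ["alice/dept/company", "bob/sales/company"]

# Each set holds (issuer, subject) pairs.
ONE_WAY = {("dept2/company2", "dept/company")}            # server side only
ORG_WIDE = {("company2", "company"), ("company", "company2")}
OU_ONLY = {("dept2/company2", "dept/company"),
           ("dept/company", "dept2/company2")}
USER_ISSUED = {("dept2/company2", "dept/company"),        # server side
               ("alice/dept/company", "srv1/dept2/company2")}  # alice accepts

if __name__ == "__main__":
    for label, certs in [("one-way", ONE_WAY), ("org-wide", ORG_WIDE),
                         ("OU-only", OU_ONLY), ("user-issued", USER_ISSUED)]:
        print(f"{label:12} -> {who_gets_in(SERVER, IDS, certs)}")
```

The narrower the subject of the server-side cross certificate, the fewer foreign IDs can authenticate; the organization-level pair admits every ID under company, including ones outside dept.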
 
LVL 13

Expert Comment

by:CRAK
ID: 10893367
And we have a 1st entry in Top-15!
Congrats buddy!
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10896577
The first and already no longer the only one ...  I once ranked number 1 anyway :-)

Tom
0
