Solved

Cross certification of a domain with a single server outside that domain

Posted on 2004-04-22
Last Modified: 2013-11-16
We have installed a new 6.5 server and are now trying to get access for the users. For a whole lot of reasons, the server has a separate domain. We had it working on an old 5.01 server but the hardware is failing and we need to go to 6.5 anyway. So we set up a new server.

We had the users accessing the old server without cross certifying the users separately.

The users are organised as: name/dept/company
The server is dept2/company2

What we want is to cross certify the users to give them access to the server.
The more I read about this, the more I get confused.

What is the step by step process to cross certify the */dept/company on our new server?
I do not remember ever using a safe id of the dept/company cert.id to cross certify.
I thought we used a subset of a user id file, but that seems not right.

Sorry for the rambling post, but it does need a little detail I think.


0
Comment
Question by:Lykle
10 Comments
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 10887647
I assume you will be accessing your old domain from your new domain for read only purposes. Do this:

-> Login to the old server as admin
-> Open the old server's address book (global)
-> Go to certificates view
-> Click the Add certifier action button
-> Fill in the details
-> Choose your NEW server's cert.id file as the source and OLD server's id as to be certified

You will need to have the certifier passwords. Also reboot your server (I am not sure whether it is required or not).
0
 

Author Comment

by:Lykle
ID: 10887752
Hmm, no not really.

The users have a main id, they use this for all the apps on the dept/Company network.

But this specific server has a different cert.id
But the users still need to access the server as if it is in their domain.
So users with name/dept/company need to fully access the server dept2/company2
I can't seem to figure out what needs to be cross certified with what.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887936
You can cross certify your 2 organizations, use the Domino Administrator to do that (configuration tab, tools/certification/cross certify)

Create a safe id for the 2 cert.id's, and then cross certify one with the other (in both directions).

You can also open the admin client on the server1, and access server 2 -> you will be prompted if you want to accept the certificate, and which certificate (the root or the server).  Do this for server 2 -> server 1 too, and the result is the same.
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10887953
The reason to create safe.id's and not use the cert.id is that you can safely mail the safe.id around (for instance to another company, if you want to cross certify 2 servers and use Notes RPC between each other), or work with it, it won't affect your cert.id.  
Although I think it's possible to really use both the cert.id files to do the cross certification, I wouldn't recommend it, and I would definitely take the safe route, that is create the safe id's.

cheers,

Tom
0
 

Author Comment

by:Lykle
ID: 10888210
Thanks Bozzie4,
I agree that that is the normal way to do it, using safe.ids.
The strange thing is that I am very sure that we did not use cert.id or a safe id of the dept/company domain. That is one of the reasons we have a separate domain, the company IT admins do not want "wild" servers on their network.

But it has been done, so you are probably right.
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10889957
There is an easier way, if the 6.5 server has not gone to production yet. Transition all the files from the 5 box to the 6 box, switch IP addresses and server IDs, and you are done. The existing x-cert will apply.
0
 

Author Comment

by:Lykle
ID: 10890095
That's what we tried.
I still can't figure out why that didn't work.
Next option is to put all data on the new server and upgrade the server with all the various upgrades.

Ah well. I think we have been bouncing it around enough now.
So, who do I give it to?

I think Bozzie
0
 
LVL 15

Accepted Solution

by:
Bozzie4 earned 125 total points
ID: 10890143
Well, you can cross certify between every id that's available (user.id - server.id, user.id - cert.id, server.id - cert.id, ...), and it's not always necessary to create a safe id (like the example of cross certifying the servers shows).

If you can, follow Qwaletee's advice, of keeping your configuration using the same id's - that's a lot simpler.

cheers,

Tom
0
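The matching rule behind the answers above, as an added example that is not part of the original thread and is not Domino's own code: a simplified Python model in which each side trusts the other only if its own directory holds a cross-certificate issued by itself or one of its ancestors to the peer or one of the peer's ancestors. The function names are hypothetical, and the sample names are constructed from the naming scheme in the question.

```python
# Simplified model of Notes/Domino cross-certificate matching (added example).
# A cross-certificate is a pair (issued_by, issued_to). Names are hierarchical
# and written leaf-first, as in the question: "name/dept/company".

def ancestors(name):
    """Return the name itself plus each ancestor, most specific first."""
    parts = name.strip("/").lower().split("/")
    return ["/".join(parts[i:]) for i in range(len(parts))]

def trusts(holder, peer, cross_certs):
    """True if the holder's directory has a cross-certificate issued by the
    holder (or an ancestor) to the peer (or an ancestor of the peer)."""
    mine, theirs = set(ancestors(holder)), set(ancestors(peer))
    return any(by.lower() in mine and to.lower() in theirs
               for by, to in cross_certs)

def can_authenticate(user, user_certs, server, server_certs):
    """Authentication needs trust in both directions."""
    return (trusts(user, server, user_certs)
            and trusts(server, user, server_certs))

# Constructed sample data.
USER = "name/dept/company"
SERVER = "dept2/company2"

# Server side: one cross-certificate from its organization certifier to the
# users' OU. It covers every */dept/company and nothing wider.
SERVER_DIRECTORY = [("company2", "dept/company")]

# User side: a cross-certificate from the user's own ID to the server,
# the kind created when a user accepts the prompt on first access.
USER_ADDRESS_BOOK = [("name/dept/company", "dept2/company2")]

if __name__ == "__main__":
    print(can_authenticate(USER, USER_ADDRESS_BOOK, SERVER, SERVER_DIRECTORY))
    # A user from another OU is outside the scope of the server's certificate.
    other = "name/dept3/company"
    print(trusts(SERVER, other, SERVER_DIRECTORY))
    # A certificate in one direction only is not enough.
    print(can_authenticate(USER, [], SERVER, SERVER_DIRECTORY))
```

Issuing the server-side cross-certificate to `dept/company` rather than `company` keeps the trust limited to the one OU that needs access.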
 
LVL 13

Expert Comment

by:CRAK
ID: 10893367
And we have a 1st entry in Top-15!
Congrats buddy!
0
 
LVL 15

Expert Comment

by:Bozzie4
ID: 10896577
The first and already no longer the only one ...  I once ranked number 1 anyway :-)

Tom
0
