Solved

Cross Certificates When Using App for First Time -- Way to Turn them off?

Posted on 2008-10-15
5
321 Views
Last Modified: 2013-12-18
I developed a small application for my husband's company.  Every time a new user goes to do an execute command (submitting, etc.), it gives them a cross certificate in which they have to grant permission, etc.  I believe 4 things in the application will make these pop up.

Is there something I can do to shut off the cross certificates OR something their IT department can do to create a global trust certificate so the users don't have to see these?  The users are not very tech-savy, see these and think they are viruses.  Seriously....
0
Comment
Question by:onederwomyn
  • 3
  • 2
5 Comments
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 250 total points
ID: 22725773
Yep: have someone ate the company sign the design of the application. It's in the Admin client, under Files. Select the database, then right-click the database and select Sign. The Admin is the ideal user to sign a design. He should know what he's doing of course, because signing an agent with your "virus" in it will be executed in his name...

PS He/His=She/Her of course
0
 

Author Comment

by:onederwomyn
ID: 22730584
Thanks!  Two follow up questions, though.  Will the admin have to go in and sign it every time they replace design?  They are asking for some changes and we have been moving them once a week or so.  Also, will this signature just replace my companies?  Or, does it have to be unsigned before doing this?
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 22730882
How to do this:
- make a copy of your template (not a replica)
- sign all design elements in the new copy using the admin's or server's idea
- test
- test
- test again ;-)
- replace or refresh the operational database

Re your f-u-questions:
- yes, they'd have to re-sign every time you deliver an updated template
- yes, all signatures will be replaced, don't worry

If they don't want to re-sign every time, they could also give you a developer .id file. Prolly too expensive for them... and signing is definitely clearer: it's the transfer or responsibility.
0
 

Author Comment

by:onederwomyn
ID: 22731012
Sorry to be a pain.  I for the most part, get it.  But, can you clarify, this:

- sign all design elements in the new copy using the admin's or server's idea
I have no idea how to sign all the design elements -- I thought it automatically did it in developer.  And what do you mean their idea?  If something is unsigned, how do you sign it or change signature?

Also, last night I had my husband replace design (he has that authority, but is not an ADM) and when he went to open the database, an error popped up and he got all the certificates again.  EVEN THOUGH, he already had a certificate for my companies name.  The only thing I did between the last version and this version is have to reload Domino Designer/Lotus Notes on my PC.  I am pretty sure I set it up the same, why would my certificate be different?  Usually when he replaces design, he doesn't get certificates because he has already marked them as trusted??
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 22744915
I suppose it's a lot clearer now, since you closed this question. Certificates are a difficult subject. Every design element always has a signature, usually of the last person who saved the element. A scheduled agent runs as if started by the person with the signature in that agent. Usually, that is not the best way to do things, because that means that that person would need more rights on the server than necessary. In many cases, those agents need to do a lot of administration in the database, and require the rights to do that. That's why a template is usually signed by one of the organisation's admins (or servers), since they have administrative rights on all databases.

So a person usually has ONE certificate (or very few), but can have MANY cross-certificates. A cross-certificate is a copy of a certificate of someone else, who has in turn a copy of your certificate, mutually trusting one another. The messages he gets are probably the consequence of the new template that wasn't signed by a person who was already trusted by your husband.

There's a great book on the security of Notes that describes this much better than I ever could. It's in the redbooks on Domino, on the IBM site somewhere.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For users on the Lotus Notes 8 Standard client, this article provides information on checking the Java Heap size and adjusting it to half of your system RAM in attempt to get the Lotus Notes 8.x Standard client to run faster.  I've had to exercise t…
Lack of Storage capacity is a common problem that exists in every field of life. Here we are taking the case of Lotus Notes Emails, as we all know that we are totally depend on e-communication i.e. Emails. This article is fully dedicated to resolvin…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now