onederwomyn

Cross Certificates When Using App for First Time -- Way to Turn them off?

I developed a small application for my husband's company.  Every time a new user goes to do an execute command (submitting, etc.), it gives them a cross certificate in which they have to grant permission, etc.  I believe 4 things in the application will make these pop up.

Is there something I can do to shut off the cross certificates OR something their IT department can do to create a global trust certificate so the users don't have to see these?  The users are not very tech-savvy, see these and think they are viruses.  Seriously....
ASKER CERTIFIED SOLUTION
Sjef Bosman
onederwomyn

ASKER

Thanks!  Two follow-up questions, though.  Will the admin have to go in and sign it every time they replace design?  They are asking for some changes and we have been moving them once a week or so.  Also, will this signature just replace my company's?  Or, does it have to be unsigned before doing this?
How to do this:
- make a copy of your template (not a replica)
- sign all design elements in the new copy using the admin's or server's idea
- test
- test
- test again ;-)
- replace or refresh the operational database

Re your f-u-questions:
- yes, they'd have to re-sign every time you deliver an updated template
- yes, all signatures will be replaced, don't worry

If they don't want to re-sign every time, they could also give you a developer .id file. Prolly too expensive for them... and signing is definitely clearer: it's the transfer of responsibility.
Sorry to be a pain.  I, for the most part, get it.  But can you clarify this:

- sign all design elements in the new copy using the admin's or server's idea
I have no idea how to sign all the design elements -- I thought it automatically did it in developer.  And what do you mean their idea?  If something is unsigned, how do you sign it or change signature?

Also, last night I had my husband replace design (he has that authority, but is not an ADM) and when he went to open the database, an error popped up and he got all the certificates again.  EVEN THOUGH, he already had a certificate for my company's name.  The only thing I did between the last version and this version is have to reload Domino Designer/Lotus Notes on my PC.  I am pretty sure I set it up the same, why would my certificate be different?  Usually when he replaces design, he doesn't get certificates because he has already marked them as trusted??
I suppose it's a lot clearer now, since you closed this question. Certificates are a difficult subject. Every design element always has a signature, usually of the last person who saved the element. A scheduled agent runs as if started by the person with the signature in that agent. Usually, that is not the best way to do things, because that means that that person would need more rights on the server than necessary. In many cases, those agents need to do a lot of administration in the database, and require the rights to do that. That's why a template is usually signed by one of the organisation's admins (or servers), since they have administrative rights on all databases.

So a person usually has ONE certificate (or very few), but can have MANY cross-certificates. A cross-certificate is a copy of a certificate of someone else, who has in turn a copy of your certificate, mutually trusting one another. The messages he gets are probably the consequence of the new template that wasn't signed by a person who was already trusted by your husband.

There's a great book on the security of Notes that describes this much better than I ever could. It's in the Redbooks on Domino, on the IBM site somewhere.
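
The "sign all design elements in the new copy" step discussed above, as an added LotusScript example that is not part of the thread or anyone's post: an agent the customer's administrator runs in the Notes client, which re-signs the template copy with that person's ID and then lists any design element still carrying a different signer. The file path is a hypothetical placeholder, and the example assumes the signing ID is the one whose signature users already trust.

```lotusscript
Option Declare

Sub Initialize
	' Assumption: hypothetical path of the template COPY (not a replica).
	Const TEMPLATE_COPY = "apps\myapp_signed.ntf"

	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim nc As NotesNoteCollection
	Dim doc As NotesDocument
	Dim me As New NotesName(session.UserName)
	Dim signer As NotesName
	Dim noteId As String, who As String
	Dim i As Long, mismatches As Long

	Set db = session.GetDatabase("", TEMPLATE_COPY, False)
	If db Is Nothing Then
		Messagebox "Template copy not found: " & TEMPLATE_COPY
		Exit Sub
	End If

	' Re-sign every element with the ID of the person running this agent.
	' Existing signatures (e.g. the developer's) are replaced, not merged.
	Call db.Sign(DBSIGN_DOC_ALL, False)

	' Audit: walk all design notes and report any whose signer is not us.
	Set nc = db.CreateNoteCollection(False)
	Call nc.SelectAllDesignElements(True)
	Call nc.BuildCollection
	noteId = nc.GetFirstNoteId
	For i = 1 To nc.Count
		Set doc = db.GetDocumentByID(noteId)
		If Not doc Is Nothing Then
			who = "(unsigned)"
			If doc.IsSigned Then
				Set signer = New NotesName(doc.Signer)
				who = signer.Abbreviated
			End If
			If Lcase(who) <> Lcase(me.Abbreviated) Then
				mismatches = mismatches + 1
				Print "Check: " & doc.GetItemValue("$TITLE")(0) & " signed by " & who
			End If
		End If
		noteId = nc.GetNextNoteId(noteId)
	Next

	Messagebox "Signed as " & me.Abbreviated & "; elements to review: " & mismatches
End Sub
```

Any element listed under "Check" is a candidate for the prompts the users are seeing, so it should be cleared up before the operational database is replaced or refreshed from the copy.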