Solved

Cross Certificates When Using App for First Time -- Way to Turn them off?

Posted on 2008-10-15
Last Modified: 2013-12-18
I developed a small application for my husband's company.  Every time a new user goes to do an execute command (submitting, etc.), it gives them a cross certificate in which they have to grant permission, etc.  I believe 4 things in the application will make these pop up.

Is there something I can do to shut off the cross certificates OR something their IT department can do to create a global trust certificate so the users don't have to see these?  The users are not very tech-savvy, see these and think they are viruses.  Seriously....
Question by:onederwomyn
LVL 46

Accepted Solution

by:
Sjef Bosman earned 250 total points
ID: 22725773
Yep: have someone at the company sign the design of the application. It's in the Admin client, under Files. Select the database, then right-click the database and select Sign. The Admin is the ideal user to sign a design. He should know what he's doing of course, because signing an agent with your "virus" in it will be executed in his name...

PS He/His=She/Her of course
 

Author Comment

by:onederwomyn
ID: 22730584
Thanks!  Two follow-up questions, though.  Will the admin have to go in and sign it every time they replace design?  They are asking for some changes and we have been moving them once a week or so.  Also, will this signature just replace my company's?  Or, does it have to be unsigned before doing this?
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 22730882
How to do this:
- make a copy of your template (not a replica)
- sign all design elements in the new copy using the admin's or server's idea
- test
- test
- test again ;-)
- replace or refresh the operational database

Re your f-u-questions:
- yes, they'd have to re-sign every time you deliver an updated template
- yes, all signatures will be replaced, don't worry

If they don't want to re-sign every time, they could also give you a developer .id file. Prolly too expensive for them... and signing is definitely clearer: it's the transfer of responsibility.
 

Author Comment

by:onederwomyn
ID: 22731012
Sorry to be a pain.  I, for the most part, get it.  But can you clarify this:

- sign all design elements in the new copy using the admin's or server's idea
I have no idea how to sign all the design elements -- I thought it automatically did it in developer.  And what do you mean their idea?  If something is unsigned, how do you sign it or change signature?

Also, last night I had my husband replace design (he has that authority, but is not an ADM) and when he went to open the database, an error popped up and he got all the certificates again.  EVEN THOUGH, he already had a certificate for my company's name.  The only thing I did between the last version and this version is have to reload Domino Designer/Lotus Notes on my PC.  I am pretty sure I set it up the same, why would my certificate be different?  Usually when he replaces design, he doesn't get certificates because he has already marked them as trusted??
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 22744915
I suppose it's a lot clearer now, since you closed this question. Certificates are a difficult subject. Every design element always has a signature, usually of the last person who saved the element. A scheduled agent runs as if started by the person with the signature in that agent. Usually, that is not the best way to do things, because that means that that person would need more rights on the server than necessary. In many cases, those agents need to do a lot of administration in the database, and require the rights to do that. That's why a template is usually signed by one of the organisation's admins (or servers), since they have administrative rights on all databases.

So a person usually has ONE certificate (or very few), but can have MANY cross-certificates. A cross-certificate is a copy of a certificate of someone else, who has in turn a copy of your certificate, mutually trusting one another. The messages he gets are probably the consequence of the new template that wasn't signed by a person who was already trusted by your husband.

There's a great book on the security of Notes that describes this much better than I ever could. It's in the redbooks on Domino, on the IBM site somewhere.
