Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1540
  • Last Modified:

Please Help! Cross Certificate Errors in Lotus Notes

Hi lnotes experts (I so appreciate you assistance)!

I designed a small db for my husband's company who is on 6.5.2 (upgrading to 8.0 soon).  We have had no problems until now replacing the design when they asked for more features or if we needed to fix something.  We would replace design and all was good (no error, no new certificates, etc.).

This last time we went to replace design and we keep getting "Invalid Cross Certificate was found for /(mycompany name).  This could be a possible attack, please notify your administrator.  Select 'Yes' to keep the current existing Cross Certificate.

Please help!  I don't want cross certificates or errors to keep popping up for the users.  The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same.
0
onederwomyn
Asked:
onederwomyn
1 Solution
 
mbonaciCommented:
If that would work like you mentioned then I could install server e.g. LOTUS/IBM and register myself as administrator and hack into the real IBM domain.

When you installed the new server it got the different security key.
You should now uninstall your new server at home and install the new one, as existing server and use the cert.id from your husband's company.

Hope this helps,
Mb¤
0
 
onederwomynAuthor Commented:
I don't have a domino server.  I just program and test out of designer.  I don't run agents -- the only thing it does is simple emailing and I can tell if that is working without the server.  So, I am not sure how it gets its security key without the server.
0
 
mbonaciCommented:
How do you mean you don't have server, you said this:
"The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same."

Domino = server

What have you installed (new) then?
Have you used your old ID file or you created a new one?
What else is different?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
mbonaciCommented:
You can try this as an emergency fix:
Before replacing design in the husband's company, with the templates you brought from home, first create copy of the template using Notes client and use it to replace design.

Hope this helps,
mb¤
0
 
SysExpertCommented:
1) As mentioned, you should be using the same ID file to sign the design template

2) Make sure that no changes were done on the server regarding policies for security of templates.

3) Check the ECM settings on the users having issues, and see if you  are listed as a trusted user, if not sign the template with a user who is already trusted by everybody.


I hope this helps !
0
 
onederwomynAuthor Commented:
My apologies, I meant domino designer, not just domino!  I have on my workstation, domino designer and lotus notes mail client.  

Your last solution I had read somewhere else as well and I am going to try it.  I have my fingers crossed it works.
0
 
onederwomynAuthor Commented:
How do you sign a template?  I know it sounds stupid, but I thought it just automatically signs it with the name of the person who created it.

Also, does anyone know of step by step documents that I can give his IT area as to how to sign it so that people stop getting cross certificates?  Ugh.  I have encountered this stuff previously, because I developed for the company that it was used in.  I am no longer at that job and doing part time development for a company I do not work at.  I don't have an ID file there and am not set up on their server.
0
 
onederwomynAuthor Commented:
One last thing -- how can I tell what the name of the id file was that signed their current production version?
0
 
mbonaciCommented:
Open db in designer, locate the design element you last edited, properties, field $UpdatedBy - last entry.
0
 
brwwigginsCommented:
You can sign the template using the admin client. Go to the Files tab then expand database on the right and click on sign..
0
 
Sjef BosmanGroupware ConsultantCommented:
I suppose this is what happened:
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company
- PC CRASH or whatever, time to reinstall
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company

And now you think that the first One Derwoman/HomePC is exactly the same as the second One Derwoman/HomePC?? Wrong! Exactly as Marko saidin his first post: that would enable anybody to assume someone else's identity. So, both ids are NOT identical, hence the load of errormessages you get.

Two solutions:
- get your original id-file and see if it still works on your installation; if it does, resign all elements in your database with the old id and redo the installation of thze application on the company's server
- if you do no longer have the original id, make a copy of the current one and put it in a safe place; then repeat the original cross-certification procedure, so your current id will get cross-certified.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now