Solved

Please Help!  Cross Certificate Errors in Lotus Notes

Posted on 2008-10-17
11
1,387 Views
Last Modified: 2013-12-18
Hi lnotes experts (I so appreciate you assistance)!

I designed a small db for my husband's company who is on 6.5.2 (upgrading to 8.0 soon).  We have had no problems until now replacing the design when they asked for more features or if we needed to fix something.  We would replace design and all was good (no error, no new certificates, etc.).

This last time we went to replace design and we keep getting "Invalid Cross Certificate was found for /(mycompany name).  This could be a possible attack, please notify your administrator.  Select 'Yes' to keep the current existing Cross Certificate.

Please help!  I don't want cross certificates or errors to keep popping up for the users.  The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same.
0
Comment
Question by:onederwomyn
11 Comments
 
LVL 22

Expert Comment

by:mbonaci
ID: 22741179
If that would work like you mentioned then I could install server e.g. LOTUS/IBM and register myself as administrator and hack into the real IBM domain.

When you installed the new server it got the different security key.
You should now uninstall your new server at home and install the new one, as existing server and use the cert.id from your husband's company.

Hope this helps,
Mb¤
0
 

Author Comment

by:onederwomyn
ID: 22741243
I don't have a domino server.  I just program and test out of designer.  I don't run agents -- the only thing it does is simple emailing and I can tell if that is working without the server.  So, I am not sure how it gets its security key without the server.
0
 
LVL 22

Expert Comment

by:mbonaci
ID: 22741582
How do you mean you don't have server, you said this:
"The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same."

Domino = server

What have you installed (new) then?
Have you used your old ID file or you created a new one?
What else is different?
0
 
LVL 22

Expert Comment

by:mbonaci
ID: 22741661
You can try this as an emergency fix:
Before replacing design in the husband's company, with the templates you brought from home, first create copy of the template using Notes client and use it to replace design.

Hope this helps,
mb¤
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 22741788
1) As mentioned, you should be using the same ID file to sign the design template

2) Make sure that no changes were done on the server regarding policies for security of templates.

3) Check the ECM settings on the users having issues, and see if you  are listed as a trusted user, if not sign the template with a user who is already trusted by everybody.


I hope this helps !
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:onederwomyn
ID: 22741797
My apologies, I meant domino designer, not just domino!  I have on my workstation, domino designer and lotus notes mail client.  

Your last solution I had read somewhere else as well and I am going to try it.  I have my fingers crossed it works.
0
 

Author Comment

by:onederwomyn
ID: 22741929
How do you sign a template?  I know it sounds stupid, but I thought it just automatically signs it with the name of the person who created it.

Also, does anyone know of step by step documents that I can give his IT area as to how to sign it so that people stop getting cross certificates?  Ugh.  I have encountered this stuff previously, because I developed for the company that it was used in.  I am no longer at that job and doing part time development for a company I do not work at.  I don't have an ID file there and am not set up on their server.
0
 

Author Comment

by:onederwomyn
ID: 22741932
One last thing -- how can I tell what the name of the id file was that signed their current production version?
0
 
LVL 22

Expert Comment

by:mbonaci
ID: 22742141
Open db in designer, locate the design element you last edited, properties, field $UpdatedBy - last entry.
0
 
LVL 20

Accepted Solution

by:
brwwiggins earned 500 total points
ID: 22742785
You can sign the template using the admin client. Go to the Files tab then expand database on the right and click on sign..
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 22757378
I suppose this is what happened:
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company
- PC CRASH or whatever, time to reinstall
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company

And now you think that the first One Derwoman/HomePC is exactly the same as the second One Derwoman/HomePC?? Wrong! Exactly as Marko saidin his first post: that would enable anybody to assume someone else's identity. So, both ids are NOT identical, hence the load of errormessages you get.

Two solutions:
- get your original id-file and see if it still works on your installation; if it does, resign all elements in your database with the old id and redo the installation of thze application on the company's server
- if you do no longer have the original id, make a copy of the current one and put it in a safe place; then repeat the original cross-certification procedure, so your current id will get cross-certified.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For users on the Lotus Notes 8 Standard client, this article provides information on checking the Java Heap size and adjusting it to half of your system RAM in attempt to get the Lotus Notes 8.x Standard client to run faster.  I've had to exercise t…
I thought it will be a good idea to make a post as it will help in case someone else faces these issues. I trust this gives an idea how each entry in Notes.ini can mean a lot for the Domino Server to be functioning properly. This article discusses t…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now