Solved

Please Help!  Cross Certificate Errors in Lotus Notes

Posted on 2008-10-17
11
1,378 Views
Last Modified: 2013-12-18
Hi lnotes experts (I so appreciate you assistance)!

I designed a small db for my husband's company who is on 6.5.2 (upgrading to 8.0 soon).  We have had no problems until now replacing the design when they asked for more features or if we needed to fix something.  We would replace design and all was good (no error, no new certificates, etc.).

This last time we went to replace design and we keep getting "Invalid Cross Certificate was found for /(mycompany name).  This could be a possible attack, please notify your administrator.  Select 'Yes' to keep the current existing Cross Certificate.

Please help!  I don't want cross certificates or errors to keep popping up for the users.  The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same.
0
Comment
Question by:onederwomyn
11 Comments
 
LVL 22

Expert Comment

by:mbonaci
Comment Utility
If that would work like you mentioned then I could install server e.g. LOTUS/IBM and register myself as administrator and hack into the real IBM domain.

When you installed the new server it got the different security key.
You should now uninstall your new server at home and install the new one, as existing server and use the cert.id from your husband's company.

Hope this helps,
Mb¤
0
 

Author Comment

by:onederwomyn
Comment Utility
I don't have a domino server.  I just program and test out of designer.  I don't run agents -- the only thing it does is simple emailing and I can tell if that is working without the server.  So, I am not sure how it gets its security key without the server.
0
 
LVL 22

Expert Comment

by:mbonaci
Comment Utility
How do you mean you don't have server, you said this:
"The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same."

Domino = server

What have you installed (new) then?
Have you used your old ID file or you created a new one?
What else is different?
0
 
LVL 22

Expert Comment

by:mbonaci
Comment Utility
You can try this as an emergency fix:
Before replacing design in the husband's company, with the templates you brought from home, first create copy of the template using Notes client and use it to replace design.

Hope this helps,
mb¤
0
 
LVL 63

Expert Comment

by:SysExpert
Comment Utility
1) As mentioned, you should be using the same ID file to sign the design template

2) Make sure that no changes were done on the server regarding policies for security of templates.

3) Check the ECM settings on the users having issues, and see if you  are listed as a trusted user, if not sign the template with a user who is already trusted by everybody.


I hope this helps !
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:onederwomyn
Comment Utility
My apologies, I meant domino designer, not just domino!  I have on my workstation, domino designer and lotus notes mail client.  

Your last solution I had read somewhere else as well and I am going to try it.  I have my fingers crossed it works.
0
 

Author Comment

by:onederwomyn
Comment Utility
How do you sign a template?  I know it sounds stupid, but I thought it just automatically signs it with the name of the person who created it.

Also, does anyone know of step by step documents that I can give his IT area as to how to sign it so that people stop getting cross certificates?  Ugh.  I have encountered this stuff previously, because I developed for the company that it was used in.  I am no longer at that job and doing part time development for a company I do not work at.  I don't have an ID file there and am not set up on their server.
0
 

Author Comment

by:onederwomyn
Comment Utility
One last thing -- how can I tell what the name of the id file was that signed their current production version?
0
 
LVL 22

Expert Comment

by:mbonaci
Comment Utility
Open db in designer, locate the design element you last edited, properties, field $UpdatedBy - last entry.
0
 
LVL 20

Accepted Solution

by:
brwwiggins earned 500 total points
Comment Utility
You can sign the template using the admin client. Go to the Files tab then expand database on the right and click on sign..
0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
I suppose this is what happened:
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company
- PC CRASH or whatever, time to reinstall
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company

And now you think that the first One Derwoman/HomePC is exactly the same as the second One Derwoman/HomePC?? Wrong! Exactly as Marko saidin his first post: that would enable anybody to assume someone else's identity. So, both ids are NOT identical, hence the load of errormessages you get.

Two solutions:
- get your original id-file and see if it still works on your installation; if it does, resign all elements in your database with the old id and redo the installation of thze application on the company's server
- if you do no longer have the original id, make a copy of the current one and put it in a safe place; then repeat the original cross-certification procedure, so your current id will get cross-certified.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
For beginners of Lotus Notes user this is important to know about the types of files and their location supported by IBM Notes. Mostly users are unaware about how many file types are created and what their usages are. This Article is fully dedicated…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now