Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Please Help!  Cross Certificate Errors in Lotus Notes

Posted on 2008-10-17
11
Medium Priority
?
1,496 Views
Last Modified: 2013-12-18
Hi lnotes experts (I so appreciate you assistance)!

I designed a small db for my husband's company who is on 6.5.2 (upgrading to 8.0 soon).  We have had no problems until now replacing the design when they asked for more features or if we needed to fix something.  We would replace design and all was good (no error, no new certificates, etc.).

This last time we went to replace design and we keep getting "Invalid Cross Certificate was found for /(mycompany name).  This could be a possible attack, please notify your administrator.  Select 'Yes' to keep the current existing Cross Certificate.

Please help!  I don't want cross certificates or errors to keep popping up for the users.  The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same.
0
Comment
Question by:onederwomyn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 22

Expert Comment

by:mbonaci
ID: 22741179
If that would work like you mentioned then I could install server e.g. LOTUS/IBM and register myself as administrator and hack into the real IBM domain.

When you installed the new server it got the different security key.
You should now uninstall your new server at home and install the new one, as existing server and use the cert.id from your husband's company.

Hope this helps,
Mb¤
0
 

Author Comment

by:onederwomyn
ID: 22741243
I don't have a domino server.  I just program and test out of designer.  I don't run agents -- the only thing it does is simple emailing and I can tell if that is working without the server.  So, I am not sure how it gets its security key without the server.
0
 
LVL 22

Expert Comment

by:mbonaci
ID: 22741582
How do you mean you don't have server, you said this:
"The only thing different between the last update and this one is that I had to reinstall domino on my machine, but I set it up exactly the same."

Domino = server

What have you installed (new) then?
Have you used your old ID file or you created a new one?
What else is different?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 22

Expert Comment

by:mbonaci
ID: 22741661
You can try this as an emergency fix:
Before replacing design in the husband's company, with the templates you brought from home, first create copy of the template using Notes client and use it to replace design.

Hope this helps,
mb¤
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 22741788
1) As mentioned, you should be using the same ID file to sign the design template

2) Make sure that no changes were done on the server regarding policies for security of templates.

3) Check the ECM settings on the users having issues, and see if you  are listed as a trusted user, if not sign the template with a user who is already trusted by everybody.


I hope this helps !
0
 

Author Comment

by:onederwomyn
ID: 22741797
My apologies, I meant domino designer, not just domino!  I have on my workstation, domino designer and lotus notes mail client.  

Your last solution I had read somewhere else as well and I am going to try it.  I have my fingers crossed it works.
0
 

Author Comment

by:onederwomyn
ID: 22741929
How do you sign a template?  I know it sounds stupid, but I thought it just automatically signs it with the name of the person who created it.

Also, does anyone know of step by step documents that I can give his IT area as to how to sign it so that people stop getting cross certificates?  Ugh.  I have encountered this stuff previously, because I developed for the company that it was used in.  I am no longer at that job and doing part time development for a company I do not work at.  I don't have an ID file there and am not set up on their server.
0
 

Author Comment

by:onederwomyn
ID: 22741932
One last thing -- how can I tell what the name of the id file was that signed their current production version?
0
 
LVL 22

Expert Comment

by:mbonaci
ID: 22742141
Open db in designer, locate the design element you last edited, properties, field $UpdatedBy - last entry.
0
 
LVL 20

Accepted Solution

by:
brwwiggins earned 2000 total points
ID: 22742785
You can sign the template using the admin client. Go to the Files tab then expand database on the right and click on sign..
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 22757378
I suppose this is what happened:
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company
- PC CRASH or whatever, time to reinstall
- you installed 1, 2, or all clients (Notes, Designer and Admin) on your PC
- you generated an id yourself (say for One Derwoman/HomePC ;-))
- you cross-certified that id on the server of the company

And now you think that the first One Derwoman/HomePC is exactly the same as the second One Derwoman/HomePC?? Wrong! Exactly as Marko saidin his first post: that would enable anybody to assume someone else's identity. So, both ids are NOT identical, hence the load of errormessages you get.

Two solutions:
- get your original id-file and see if it still works on your installation; if it does, resign all elements in your database with the old id and redo the installation of thze application on the company's server
- if you do no longer have the original id, make a copy of the current one and put it in a safe place; then repeat the original cross-certification procedure, so your current id will get cross-certified.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For Desktop Techs: How to retain a user's Notes configuration data when swapping out the end user's computer. (Assuming that you are not upgrading to a completely different version of Notes client) All you need to do is: 1) install Notes o…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question