Solved

Notes Safe ID

Posted on 2011-03-01
Last Modified: 2013-12-18
Hello,

When we certify a Safe ID and send it back to the user, are they required to use that safe ID to connect, or can they use their normal ID?

Are there any other steps that they will need to take to use either once it has been signed and sent back to them?
0
Question by:bckr
 
LVL 6

Expert Comment

by:bluemeln
ID: 35011778
The user needs to open Lotus Notes with the user ID for which you are trying to renew certificates. The SAFE.ID file contains the new certificates, which are imported into the user's ID file. Whether or not the user can actually connect to your email system depends on if the current certificate in the user's ID file has already expired. If it has not, the SAFE.ID is requested and returned by email, the user opens the email and follows the instructions to import the new certificates. If it has, the SAFE.ID is moved back and forth on a floppy or USB and the user imports the Notes certificates from the SAFE.ID to the user ID that way.

Ideally, once the user has imported the new certificates, which updates her/his ID file, a copy of the user's ID file should be obtained by the administrator for offline emergency storage. One thing to remember here, depending on your internal practice, is to set the password of the ID file to something you will still know a few years from now.

Here are the two methods
0
 
LVL 6

Accepted Solution

by:
bluemeln earned 125 total points
ID: 35011847
If the user's Lotus Notes certificate has already expired:
PART I - From user's computer:
File > Security > User Security
Renew > Export ID > Save to floppy > Do not continue
Take floppy and put in admin PC.

PART II - From Admin PC:
Open Lotus Notes Administrator > Configuration tab
On right, select Certification > Certify > select proper server > select and log on with proper certifier ID
Browse to ID file on floppy and extend certificate by x years > save
Take floppy back to user PC

PART III - On user PC:
File > Security > User Security > Your Identity > Your Certificates > Get Certificates > Import Notes certificates > Browse to ID file on floppy

If the user's Notes certificate has not yet expired and (s)he can still use email:
Following the instructions in the pop-up request, the user requests Notes certificate renewal by email, which the system sends to the Notes admin. Once the admin replies, the user opens the email and clicks on Actions > Accept Certificates and the certs are imported into the user's ID file.
0
 

Author Comment

by:bckr
ID: 35011894
Hi Bluemeln,

Perhaps I was not clear in my question.

This has nothing to do with an expired ID. Our client is hosted on a shared Domino environment. Occasionally a client will wish for an outside entity to access their account for maintenance, development or other reasons.

So, we sign a copy of that company's safe ID with the client's certifier, which gives them access to just that account's databases without having to have their own ID.

Does this make any sense? Thanks again.

0

 
LVL 6

Expert Comment

by:bluemeln
ID: 35012156
I am not familiar with this scenario, but my understanding has always been that the SAFE.ID is simply a container for certificates and keys and cannot be used by itself. It sounds like cross-certification in your case is occurring at the domain/server level, not the user ID level. If that is the case, then users from the contractor's domain will automatically be granted access to your client's domain once you have performed the cross-certification on your end. Is your situation like the one described in this article? http://searchdomino.techtarget.com/tip/Securely-connect-Lotus-Domino-servers-on-different-domains
0
 
LVL 2

Expert Comment

by:kbardin
ID: 35022879
You should not have to send the safe ID back to the user; they should be able to use their own ID to access your system. If you look in the Security -> Certificates view in your name and address book and look at the category Notes Cross Certificates, you should see an entry for the safe.id that you cross-certified. It is this cross-certificate record that grants access to your system.
0
 
LVL 2

Assisted Solution

by:kbardin
kbardin earned 125 total points
ID: 35022888
Another thing - you may need to give the user specific access to your server so that they can connect to you.
0
 

Author Closing Comment

by:bckr
ID: 35022979
Thank you for both responses.

Both of these helped me figure out what I was doing wrong. Misunderstanding on my part. Thank you. If possible, splitting the points would be desirable.
0
