Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Notes Safe ID

Posted on 2011-03-01
7
Medium Priority
?
1,828 Views
Last Modified: 2013-12-18
Hello,

When we certify a Safe ID and send it back to the user are they required to use that safe id to connect or can they use their normal id?

Are there any other step that they will need to take to use either once it has been signed and sent back to them.
0
Comment
Question by:bckr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Expert Comment

by:bluemeln
ID: 35011778
The user needs to open Lotus Notes with the user ID for which you are trying to renew certificates. The SAFE.ID file contains the new certificates, which are imported into the user's ID file. Whether or not the user can actually connect to your email system depends on if the current certificate in the user's ID file has already expired. If it has not, the SAFE.ID is requested and returned by email, the user opens the email and follows the instructions to import the new certificates. If it has, the SAFE.ID is moved back and forth on a floppy or USB and the user imports the Notes certificates from the SAFE.ID to the user ID that way.

Ideally, once the user has imported the new certificates, which updates her/his ID file, a copy of the user's ID file should be obtained by the administrator for offline emergency storage. One thing to remember here, depending on your internal practice, is to set the password of the ID file to something you will still know a few years from now.

Here are the two methods
0
 
LVL 6

Accepted Solution

by:
bluemeln earned 375 total points
ID: 35011847
If the user's Lotus Notes certificate has already expired:
PART I - From user's computer:
File > Security > User Security
Renew > Export ID > Save to floppy > Do not continue
Take floppy and put in admin PC.

PART II - From Admin PC: Open Lotus Notes Administrator > Configuration tab
On right, select Certification > Certify > select proper server > select and log on with proper certifier ID
Browse to ID file on floppy and extend certificate by x years > save
Take floppy back to user PC

PART III - On user PC: File > Security > User Security > Your Identity > Your Certificates > Get Certificates > Import Notes certicates > Browse to ID file on floppy

If the user's Notes certificate has not yet expired and (s)he can still use email:
Following the instructions in the pop-up request, the user requests Notes certificate renewal by email, which the system sends to the Notes admin. Once the admin replies, the user opens the email and clicks on Actions > Accept Certificates and the certs are imported into the user's ID file.
0
 

Author Comment

by:bckr
ID: 35011894
Hi Bluemeln,

Perhaps I was not clear in my question.

This has nothing to do with an expired ID. Our client is hosted on a shared domino environment. Occasionally a they a client will wish for an outside entity to access their account for maintenance, development or other reasons.

So, we sign a copy of that companies safe ID with the clients certifier which gives them access to just that accounts databases without having to have their own ID.

Does this make any sense? Thanks again.

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 6

Expert Comment

by:bluemeln
ID: 35012156
I am not familiar with this scenario, but my understanding has always been that the SAFE.ID is simply a container for certificates and keys and cannot be used by itself. It sounds like cross-certification in your case is occuring at the domain/server level, not the user ID level. If that is the case, then users from the contractor's domain will automatically be granted access your client's domain once you have performed the cross-certification on your end. Is your situation like the one described in this article? http://searchdomino.techtarget.com/tip/Securely-connect-Lotus-Domino-servers-on-different-domains
0
 
LVL 2

Expert Comment

by:kbardin
ID: 35022879
You should not have to send the safe ID back to the user they should be able to use their own id to access your system.  If you look in the Security -> Certificates view in your name and address book and look at the category Notes Cross Certificates you should see an entry for the safe.id that you cross-certified.  It is this cross-certificate record that grants access to your system.
0
 
LVL 2

Assisted Solution

by:kbardin
kbardin earned 375 total points
ID: 35022888
Another thing - you may need to give the user specific access to your server so that they can connect to you.
0
 

Author Closing Comment

by:bckr
ID: 35022979
Thank you for both responses.

Both of these helped my figure out what I was going worng. Misunderstanding on my part. Thank you. If possible splitting the points would be desirable.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
This article covers general Notes 8.5 troubleshooting information including recreating the Notes\Data folder.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question