  • Status: Solved

Notes Safe ID

Hello,

When we certify a Safe ID and send it back to the user, are they required to use that Safe ID to connect, or can they use their normal ID?

Are there any other steps that they will need to take to use either once it has been signed and sent back to them?
Asked by: bckr

bluemeln Commented:
The user needs to open Lotus Notes with the user ID for which you are trying to renew certificates. The SAFE.ID file contains the new certificates, which are imported into the user's ID file. Whether or not the user can actually connect to your email system depends on if the current certificate in the user's ID file has already expired. If it has not, the SAFE.ID is requested and returned by email, the user opens the email and follows the instructions to import the new certificates. If it has, the SAFE.ID is moved back and forth on a floppy or USB and the user imports the Notes certificates from the SAFE.ID to the user ID that way.

Ideally, once the user has imported the new certificates, which updates her/his ID file, a copy of the user's ID file should be obtained by the administrator for offline emergency storage. One thing to remember here, depending on your internal practice, is to set the password of the ID file to something you will still know a few years from now.

Here are the two methods
 
bluemeln Commented:
If the user's Lotus Notes certificate has already expired:
PART I - From user's computer:
File > Security > User Security
Renew > Export ID > Save to floppy > Do not continue
Take floppy and put in admin PC.

PART II - From Admin PC: Open Lotus Notes Administrator > Configuration tab
On right, select Certification > Certify > select proper server > select and log on with proper certifier ID
Browse to ID file on floppy and extend certificate by x years > save
Take floppy back to user PC

PART III - On user PC: File > Security > User Security > Your Identity > Your Certificates > Get Certificates > Import Notes certificates > Browse to ID file on floppy

If the user's Notes certificate has not yet expired and (s)he can still use email:
Following the instructions in the pop-up request, the user requests Notes certificate renewal by email, which the system sends to the Notes admin. Once the admin replies, the user opens the email and clicks on Actions > Accept Certificates and the certs are imported into the user's ID file.
 
bckr (Author) Commented:
Hi Bluemeln,

Perhaps I was not clear in my question.

This has nothing to do with an expired ID. Our client is hosted on a shared Domino environment. Occasionally a client will wish for an outside entity to access their account for maintenance, development or other reasons.

So, we sign a copy of that company's safe ID with the client's certifier, which gives them access to just that account's databases without having to have their own ID.

Does this make any sense? Thanks again.

 
bluemeln Commented:
I am not familiar with this scenario, but my understanding has always been that the SAFE.ID is simply a container for certificates and keys and cannot be used by itself. It sounds like cross-certification in your case is occurring at the domain/server level, not the user ID level. If that is the case, then users from the contractor's domain will automatically be granted access to your client's domain once you have performed the cross-certification on your end. Is your situation like the one described in this article? http://searchdomino.techtarget.com/tip/Securely-connect-Lotus-Domino-servers-on-different-domains
 
kbardin Commented:
You should not have to send the safe ID back to the user; they should be able to use their own ID to access your system. If you look in the Security -> Certificates view in your name and address book and look at the category Notes Cross Certificates, you should see an entry for the safe.id that you cross-certified. It is this cross-certificate record that grants access to your system.
 
kbardin Commented:
Another thing - you may need to give the user specific access to your server so that they can connect to you.
 
bckr (Author) Commented:
Thank you for both responses.

Both of these helped me figure out what I was doing wrong. Misunderstanding on my part. Thank you. If possible, splitting the points would be desirable.