Solved

Notes Safe ID

Posted on 2011-03-01
Last Modified: 2013-12-18
Hello,

When we certify a Safe ID and send it back to the user, are they required to use that safe ID to connect, or can they use their normal ID?

Are there any other steps that they will need to take to use either once it has been signed and sent back to them?
Question by:bckr

Expert Comment

by:bluemeln
ID: 35011778
The user needs to open Lotus Notes with the user ID for which you are trying to renew certificates. The SAFE.ID file contains the new certificates, which are imported into the user's ID file. Whether or not the user can actually connect to your email system depends on if the current certificate in the user's ID file has already expired. If it has not, the SAFE.ID is requested and returned by email, the user opens the email and follows the instructions to import the new certificates. If it has, the SAFE.ID is moved back and forth on a floppy or USB and the user imports the Notes certificates from the SAFE.ID to the user ID that way.

Ideally, once the user has imported the new certificates, which updates her/his ID file, a copy of the user's ID file should be obtained by the administrator for offline emergency storage. One thing to remember here, depending on your internal practice, is to set the password of the ID file to something you will still know a few years from now.

Here are the two methods

Accepted Solution

by:
bluemeln earned 125 total points
ID: 35011847
If the user's Lotus Notes certificate has already expired:
PART I - From user's computer:
File > Security > User Security
Renew > Export ID > Save to floppy > Do not continue
Take floppy and put in admin PC.

PART II - From Admin PC: Open Lotus Notes Administrator > Configuration tab
On right, select Certification > Certify > select proper server > select and log on with proper certifier ID
Browse to ID file on floppy and extend certificate by x years > save
Take floppy back to user PC

PART III - On user PC: File > Security > User Security > Your Identity > Your Certificates > Get Certificates > Import Notes certificates > Browse to ID file on floppy

If the user's Notes certificate has not yet expired and (s)he can still use email:
Following the instructions in the pop-up request, the user requests Notes certificate renewal by email, which the system sends to the Notes admin. Once the admin replies, the user opens the email and clicks on Actions > Accept Certificates and the certs are imported into the user's ID file.

Author Comment

by:bckr
ID: 35011894
Hi Bluemeln,

Perhaps I was not clear in my question.

This has nothing to do with an expired ID. Our client is hosted on a shared Domino environment. Occasionally a client will wish for an outside entity to access their account for maintenance, development or other reasons.

So, we sign a copy of that company's safe ID with the client's certifier, which gives them access to just that account's databases without having to have their own ID.

Does this make any sense? Thanks again.


Expert Comment

by:bluemeln
ID: 35012156
I am not familiar with this scenario, but my understanding has always been that the SAFE.ID is simply a container for certificates and keys and cannot be used by itself. It sounds like cross-certification in your case is occurring at the domain/server level, not the user ID level. If that is the case, then users from the contractor's domain will automatically be granted access to your client's domain once you have performed the cross-certification on your end. Is your situation like the one described in this article? http://searchdomino.techtarget.com/tip/Securely-connect-Lotus-Domino-servers-on-different-domains

Expert Comment

by:kbardin
ID: 35022879
You should not have to send the safe ID back to the user; they should be able to use their own ID to access your system. If you look in the Security -> Certificates view in your name and address book and look at the category Notes Cross Certificates, you should see an entry for the safe.id that you cross-certified. It is this cross-certificate record that grants access to your system.

Assisted Solution

by:kbardin
kbardin earned 125 total points
ID: 35022888
Another thing - you may need to give the user specific access to your server so that they can connect to you.

Author Closing Comment

by:bckr
ID: 35022979
Thank you for both responses.

Both of these helped me figure out what I was doing wrong. Misunderstanding on my part. Thank you. If possible, splitting the points would be desirable.