Solved

Notes Safe ID

Posted on 2011-03-01
7
1,638 Views
Last Modified: 2013-12-18
Hello,

When we certify a Safe ID and send it back to the user are they required to use that safe id to connect or can they use their normal id?

Are there any other step that they will need to take to use either once it has been signed and sent back to them.
0
Comment
Question by:bckr
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Expert Comment

by:bluemeln
ID: 35011778
The user needs to open Lotus Notes with the user ID for which you are trying to renew certificates. The SAFE.ID file contains the new certificates, which are imported into the user's ID file. Whether or not the user can actually connect to your email system depends on if the current certificate in the user's ID file has already expired. If it has not, the SAFE.ID is requested and returned by email, the user opens the email and follows the instructions to import the new certificates. If it has, the SAFE.ID is moved back and forth on a floppy or USB and the user imports the Notes certificates from the SAFE.ID to the user ID that way.

Ideally, once the user has imported the new certificates, which updates her/his ID file, a copy of the user's ID file should be obtained by the administrator for offline emergency storage. One thing to remember here, depending on your internal practice, is to set the password of the ID file to something you will still know a few years from now.

Here are the two methods
0
 
LVL 6

Accepted Solution

by:
bluemeln earned 125 total points
ID: 35011847
If the user's Lotus Notes certificate has already expired:
PART I - From user's computer:
File > Security > User Security
Renew > Export ID > Save to floppy > Do not continue
Take floppy and put in admin PC.

PART II - From Admin PC: Open Lotus Notes Administrator > Configuration tab
On right, select Certification > Certify > select proper server > select and log on with proper certifier ID
Browse to ID file on floppy and extend certificate by x years > save
Take floppy back to user PC

PART III - On user PC: File > Security > User Security > Your Identity > Your Certificates > Get Certificates > Import Notes certicates > Browse to ID file on floppy

If the user's Notes certificate has not yet expired and (s)he can still use email:
Following the instructions in the pop-up request, the user requests Notes certificate renewal by email, which the system sends to the Notes admin. Once the admin replies, the user opens the email and clicks on Actions > Accept Certificates and the certs are imported into the user's ID file.
0
 

Author Comment

by:bckr
ID: 35011894
Hi Bluemeln,

Perhaps I was not clear in my question.

This has nothing to do with an expired ID. Our client is hosted on a shared domino environment. Occasionally a they a client will wish for an outside entity to access their account for maintenance, development or other reasons.

So, we sign a copy of that companies safe ID with the clients certifier which gives them access to just that accounts databases without having to have their own ID.

Does this make any sense? Thanks again.

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 6

Expert Comment

by:bluemeln
ID: 35012156
I am not familiar with this scenario, but my understanding has always been that the SAFE.ID is simply a container for certificates and keys and cannot be used by itself. It sounds like cross-certification in your case is occuring at the domain/server level, not the user ID level. If that is the case, then users from the contractor's domain will automatically be granted access your client's domain once you have performed the cross-certification on your end. Is your situation like the one described in this article? http://searchdomino.techtarget.com/tip/Securely-connect-Lotus-Domino-servers-on-different-domains
0
 
LVL 2

Expert Comment

by:kbardin
ID: 35022879
You should not have to send the safe ID back to the user they should be able to use their own id to access your system.  If you look in the Security -> Certificates view in your name and address book and look at the category Notes Cross Certificates you should see an entry for the safe.id that you cross-certified.  It is this cross-certificate record that grants access to your system.
0
 
LVL 2

Assisted Solution

by:kbardin
kbardin earned 125 total points
ID: 35022888
Another thing - you may need to give the user specific access to your server so that they can connect to you.
0
 

Author Closing Comment

by:bckr
ID: 35022979
Thank you for both responses.

Both of these helped my figure out what I was going worng. Misunderstanding on my part. Thank you. If possible splitting the points would be desirable.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Problem "Can you help me recover my changes?  I double-clicked the attachment, made changes, and then hit Save before closing it.  But when I try to re-open it, my changes are missing!"    Solution This solution opens the Outlook Secure Temp Fold…
Article by: Rob
Notes 8.5 Archiving Steps and Tips This article covers setting up a Notes archive, and helps understand some of the menu choices making setting up and maintaining a Notes archive file easier.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now