AVIVOL

Lotus Notes User's Recertified Certificate keeps expiring

We have a staff member whose Notes ID certificate is repeatedly saying it is expiring each day.  I can recertify the certificate every morning, and for the day it works fine.  On the client I can check the expiry date after recertification for the ID and it is correct (two years remaining).  On the servers (we have three), the staff member's certificate expiry is also appearing correctly.

Today the certificate has finally expired.  Interestingly, when logging into Notes and checking the expiry date prior to opening a DB it showed that it had two years before expiry.  However as soon as I tried to open a server-based database the error "certificate expired" appeared, and subsequently checking the expiry on the client shows that it has simply expired.

I initially thought that the server is over-riding the local certificate's expiry date.  In other words, I thought recertifying the certificate would update the local ID file but not the server address book, however it is not the case.  Also, the servers appear to be replicating the certification expiry details correctly and this has been checked on all three of our servers.  Finally, as the replication occurs frequently during the day it's odd that a replication problem would be the case as the error appears overnight, and not after a scheduled server replication.

I'm at a loss as to why this is occurring.  I did recreate the staff member's account to only have the old expiry issue reoccur the following day.  Hence why I believe the issue revolves around a value stuck on the server's address book in one of the replicas.

Note - I have tried recertification on both the staff member's home server as well as the Primary server for the address book.

Any advice would be great.
 

Cheers.
Lotus IBM

Last Comment
Sjef Bosman

8/22/2022 - Mon
Sjef Bosman

No clue...

Things to check:
- do you have a (backup) copy of the modified ID-file?
- is there some procedure that refreshes the Notes databases and ID every morning? (e.g. flash USB key??)
- are the clocks of user's PC and of the server correctly set?
ASKER CERTIFIED SOLUTION
larsberntrop

AVIVOL

ASKER
It seems that for the first time in two weeks this problem has stopped.  I'm guessing I did something slightly different the last time round that did the trick as this morning all was fine.

@larsbertrop I think you're right.  The ID file itself wasn't expired but correctly recertified, however the server record in the address book was updated during recertification (perhaps).  Not sure why as the last recertification worked and the others did not though, and am concerned this will happen again as I've just needed to recertify another person.

However, in this new case the ID file was never recertified via the Notes process on the client; this staff member chose to wait until their certificate expired and they were unable to log in before raising the issue.  I've recertified the file directly and it seems correct in the address books across all servers.
Sjef Bosman

Staff members often need a good spanking...