AVIVOL asked:

Lotus Notes User's Recertified Certificate keeps expiring

We have a staff member whose Notes ID certificate is repeatedly saying it is expiring each day.  I can recertify the certificate every morning, and for the day it works fine.  On the client I can check the expiry date after recertification for the ID and it is correct (two years remaining).  On the servers (we have three), the staff member's certificate expiry is also appearing correctly.

Today the certificate has finally expired.  Interestingly, when logging into Notes and checking the expiry date prior to opening a DB it showed that it had two years before expiry.  However as soon as I tried to open a server-based database the error "certificate expired" appeared, and subsequently checking the expiry on the client shows that it has simply expired.

I initially thought that the server is over-riding the local certificate's expiry date.  In other words, I thought recertifying the certificate would update the local ID file but not the server address book, however it is not the case.  Also, the servers appear to be replicating the certification expiry details correctly and this has been checked on all three of our servers.  Finally, as the replication occurs frequently during the day it's odd that a replication problem would be the case as the error appears overnight, and not after a scheduled server replication.

I'm at a loss as to why this is occurring.  I did recreate the staff member's account to only have the old expiry issue reoccur the following day.  Hence why I believe the issue revolves around a value stuck on the server's address book in one of the replicas.

Note - I have tried recertification on both the staff member's home server as well as the Primary server for the address book.

Any advice would be great.
 

Cheers.
Sjef Bosman

No clue...

Things to check:
- do you have a (backup) copy of the modified ID-file?
- is there some procedure that refreshes the Notes databases and ID every morning? (e.g. flash USB key??)
- are the clocks of user's PC and of the server correctly set?
ASKER CERTIFIED SOLUTION
larsberntrop

AVIVOL (ASKER)

It seems that for the first time in two weeks this problem has stopped.  I'm guessing I did something slightly different the last time round that did the trick as this morning all was fine.

@larsberntrop I think you're right.  The ID file itself wasn't expired but correctly recertified, however the server record in the address book was updated during recertification (perhaps).  Not sure why as the last recertification worked and the others did not though, and am concerned this will happen again as I've just needed to recertify another person.

However, in this new case the ID file was never recertified via the Notes process on the client; this staff member chose to wait until their certificate expired and they were unable to log in before raising the issue.  I've recertified the file directly and it seems correct in the address books across all servers.
Staff members often need a good spanking...