• The user creates the new public key and submits it for certification.
• The certification administrator certifies the user's public key with a IBM® Lotus® Notes® certificate and adds it to the Domino Directory.
• The user merges the new certificate into the user's ID file.

To create a new Notes public key

The ID owner performs these steps.

1. Choose File - Security - User Security.

2. Type the password (if required).

3. Click Your Identity - Your Certificates, and click Other Actions. Choose "Create New Public Keys."

4. In the Create New Public Keys dialog box, users can choose the new key strength and the method for requesting the certificate.

5. If the user chooses "Authentication Protocol," then the next time the user authenticates with their home server, the keys are created and the certificate request is automatically entered into the server's Administration Requests database.

At this point, the administrator needs to complete the certification process as described in the topic "User and server key rollover."

6. If the user chooses "Mail Protocol," then the keys are created immediately, and the New Public Keys Confirmation dialog box appears.

7. In the New Public Keys Confirmation dialog box, click Continue to use Lotus Notes mail to send your request for adopting new public keys.

Note If you want to create a new public key without using Lotus Notes mail, click Export ID to create a safe copy of your ID file, and then click "Do not continue." Use another e-mail program to send the exported file to the administrator.

• The certification administrator for the certifier.
• The certifier -- for example /East/Acme. Domino mails the request to the person indicated in the Administration section of the corresponding Certifier document in the Certificates view of the Domino Directory.

To recertify the ID with a Notes certificate and add the Notes public key to the Domino Directory

The certification administrator performs these steps.

1. Open the certification request in your mail file.

2. Choose Actions - Certify Attached ID File.

3. Select whether to use a server-based certification authority or the certifier ID, and click OK.

4. If you chose to use the certifier ID, enter the password for the ID, and click OK.

5. (Optional) Change the expiration date for the certificate.

6. (Optional) Click Add to specify alternate user name information.

7. (Optional) Specify a minimum password length.

8. Click Certify. The ID owner's name appears in the To field and explanatory text appears in the Subject field of the Mail Certified ID dialog box.

9. Click Send.

To merge the new Notes certificate with the ID

The ID owner performs these steps.

1. Choose File - Security - User Security.

2. Click Your Identity - Your Certificates.

3. Click Get Certificates, and then click Import (Merge) Notes Certificates.

4. Select the recertified ID sent to you by the certification administrator, and then click OK.

To verify a Notes public key

Verifying Lotus Notes public keys against those in the Domino Directory helps prevent an unauthorized user or server from accessing another server.

1. From the Domino Administrator, click Configuration and open the Server document for the server.

2. Click Security.

3. In the Security Settings section, select one of the following in the "Compare public keys" field:

• Enforce key checking for all users -- check all users' public keys
• Enforce key checking for users in trusted directories only - only check public keys for users listed in the Domino Directory.
• Do not enforce key checking - select only if you do not want to verify users public keys

• Log key mismatches for all users -- to log any public key mismatch to the
• Log key mismatches for users in trusted directories only -- only log mismatches for users listed in the Domino Directory
• Do not log key mismatches

6. Restart the server so that the changes take effect.

Related topics

User and server key rollover
Public key security

Glossary