SECURITY


Creating a new Notes public key and adding it to the Domino Directory
For IBM® Lotus® Domino® 6 and earlier servers, creating and certifying a new public key requires the following procedures, which are described below:
For Domino 7 and later servers, administrators can use the key rollover process for creating new public keys through a security settings policy document. Users can also trigger key rollover through the User Security dialog box.

To create a new Notes public key

The ID owner performs these steps.

1. Choose File - Security - User Security.

2. Type the password (if required).

3. Click Your Identity - Your Certificates, and click Other Actions. Choose "Create New Public Keys."

4. In the Create New Public Keys dialog box, users can choose the new key strength and the method for requesting the certificate.

5. If the user chooses "Authentication Protocol," then the next time the user authenticates with their home server, the keys are created and the certificate request is automatically entered into the server's Administration Requests database.

At this point, the administrator needs to complete the certification process as described in the topic "User and server key rollover."

6. If the user chooses "Mail Protocol," then the keys are created immediately, and the New Public Keys Confirmation dialog box appears.

7. In the New Public Keys Confirmation dialog box, click Continue to use Lotus Notes mail to send your request for adopting new public keys.


8. In the Mail New Public Key Request dialog box, address the request to one of the following:

9. Click Send.

To recertify the ID with a Notes certificate and add the Notes public key to the Domino Directory

The certification administrator performs these steps.

1. Open the certification request in your mail file.

2. Choose Actions - Certify Attached ID File.

3. Select whether to use a server-based certification authority or the certifier ID, and click OK.

4. If you chose to use the certifier ID, enter the password for the ID, and click OK.

5. (Optional) Change the expiration date for the certificate.

6. (Optional) Click Add to specify alternate user name information.

7. (Optional) Specify a minimum password length.

8. Click Certify. The ID owner's name appears in the To field and explanatory text appears in the Subject field of the Mail Certified ID dialog box.

9. Click Send.

To merge the new Notes certificate with the ID

The ID owner performs these steps.

1. Choose File - Security - User Security.

2. Click Your Identity - Your Certificates.

3. Click Get Certificates, and then click Import (Merge) Notes Certificates.

4. Select the recertified ID sent to you by the certification administrator, and then click OK.

To verify a Notes public key

Verifying Lotus Notes public keys against those in the Domino Directory helps prevent an unauthorized user or server from accessing another server.

1. From the Domino Administrator, click Configuration and open the Server document for the server.

2. Click Security.

3. In the Security Settings section, select one of the following in the "Compare public keys" field:

4. Select one of the following in the "Log public key mismatches" field:

5. Save the document.

6. Restart the server so that the changes take effect.
