Lotus Domino Administrator 8.5 Help - Recertifying a user ID

USER AND SERVER CONFIGURATION

Recertifying a user ID
Before a user ID reaches its expiration date, recertify the user ID using the original certifier ID. The user ID is recertified without renaming the user.

Use the Certificate expiration view to determine which certifiers need to be recertified. Access this view from Files - Certlog.nsf - By Expiration date. All certifiers are listed by expiration date.

To recertify a user ID using a certifier other than the certifier used to create the user ID, You need to move a user name in the name hierarchy.

To recertify a user ID

Follow these steps to use the Administration Process to recertify a hierarchical ID that is about to expire.

1. To recertify a user ID, you must have:

Author with Create documents access and the UserModifier role, or Editor access to the IBM® Lotus® Domino® Directory
At least Author with Create documents access to the Certification Log (CERTLOG.NSF)

2. From the Domino Administrator, click the People & Groups tab.

3. Select the user to be recertified with the same certifier.

4. From the tools pane, select People - Recertify.

5. Complete these fields:

Field Action

Server Do one of these:

If you are using the Lotus Domino server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.

Use the CA process Choose this option if you have configured the Lotus Domino server-based CA.

Select a CA configured certifier from the list and click OK.

Supply certifier ID and password Choose this option if you are using a certifier ID and password.

Choose the certifier ID that certified the user's ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
Click "Certifier ID" to select an ID other than the one displayed.
Enter the password for the certifier ID and click OK.

6. Verify the certifying ID information and complete the following fields:

Field Action

New certificate expiration date (Optional) Specify a certifier ID expiration date other than the default two years from the current date.

Only renew certificates that will expire before (Optional) Enter a date to recertify only a subset of selected user IDs, according to their current expiration dates.

Edit or inspect each entry before submitting request (Optional) Select the option to edit or inspect each entry before submitting the request if you want to view each certificate before it is renewed.

7. If you selected the option to view each entry prior to its being submitted, the Recertify Person dialog box appears with non-modifiable information in the primary and common name fields. Review the information that displays, then select one of the following:

OK - to submit the name change.
Skip - if you are recertifying more than one user ID and you want to continue to the next without submitting a recertification for the current name.
Cancel Remaining Entries - to cancel this recertification, as well as those for any other names you selected and have not yet submitted.

8. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. Click OK. If any fail, check the Certifier Log (certlog.nsf) to determine the reason for the failure.

Recertifying a certifier ID or a user ID

Certifier IDs and certificates

Recertifying or renaming user IDs by organization

Managing users

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Action
Server	Do one of these: If you are using the Lotus Domino server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers. If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.
Use the CA process	Choose this option if you have configured the Lotus Domino server-based CA. Select a CA configured certifier from the list and click OK.
Supply certifier ID and password	Choose this option if you are using a certifier ID and password. Choose the certifier ID that certified the user's ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID. Click "Certifier ID" to select an ID other than the one displayed. Enter the password for the certifier ID and click OK.

Field	Action
New certificate expiration date	(Optional) Specify a certifier ID expiration date other than the default two years from the current date.
Only renew certificates that will expire before	(Optional) Enter a date to recertify only a subset of selected user IDs, according to their current expiration dates.
Edit or inspect each entry before submitting request	(Optional) Select the option to edit or inspect each entry before submitting the request if you want to view each certificate before it is renewed.