SECURITY
You configure the triggers that initiate user key rollover in a security settings policy document, and the trigger for server key rollover in the Server document. Triggers include:
Lotus Notes users can also trigger key rollover themselves through the "Create New Public Keys" button on the User Security dialog box. If they choose "Authentication Protocol" as the certificate request method, the current keys are rolled over exactly as if the rollover had been triggered by a policy setting. If they choose "Mail Protocol," the R6 and earlier mail-based method is used instead.
For more information on how users can trigger key rollover, see "Creating a new Notes public key and adding it to the Domino Directory."
When a policy has been established, or when the user has triggered key rollover through the User Security dialog box, key rollover information is written to the ID file the next time the user authenticates with the home server. When a trigger condition occurs and the user accepts the prompt to allow key rollover, new keys are created in the user's ID file and marked pending. The next time the user authenticates with the home server after the pending keys have been generated, a Certify New Key Request is created in the Administration Requests database.
To complete the key rollover process:
1. In the IBM® Lotus® Domino® Administrator, open the Administration Requests database.
2. In the Certify New Key Requests view, select the request for the user, and then click Certify Selected Entries.
3. In the Choose a Certifier dialog box, do one of the following:
5. In the Processing Statistics dialog box, verify that there are no failures and click OK.
When the user next authenticates with the home server, a dialog box appears asking whether they want to accept the new public keys. The user must click OK to accept the new certificates. The pending keys in the user's ID file are then activated and the old keys are archived.
Note The archived keys remain in the ID file so that documents encrypted with an old key can still be decrypted.
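The following model of the key lifecycle described above is an added illustration, not IBM or Domino code. It shows the three states a key passes through in the ID file (pending, active, archived), why a pending key is never used until the user has accepted the certified keys, and why the archived key must be kept: documents are tagged with the identifier of the key that encrypted them, so an archived key is needed to read older mail. The hash-based stream cipher, the key identifiers and the document contents are constructed stand-ins for the real Notes public-key operations.

```python
"""Model of the Notes ID-file key-rollover lifecycle: pending -> active -> archived.

Added illustration for this topic, not Domino or IBM code. The cipher is a toy
hash-based keystream standing in for Notes public-key encryption; all key
material and document contents are constructed for the example.
"""
import hashlib
import os
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class KeyState(Enum):
    PENDING = "pending"     # generated, awaiting certification and user acceptance
    ACTIVE = "active"       # the one key used for new encryption
    ARCHIVED = "archived"   # retained for decryption only


@dataclass
class NotesKey:
    key_id: str
    secret: bytes
    state: KeyState


def _keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(secret || nonce || counter) blocks (constructed stand-in)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(secret + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


@dataclass
class IdFile:
    keys: Dict[str, NotesKey] = field(default_factory=dict)
    active_id: Optional[str] = None
    pending_id: Optional[str] = None

    def create_new_keys(self) -> str:
        """Trigger fired and the user accepted the prompt: generate keys, mark pending."""
        if self.pending_id is not None:
            raise RuntimeError("pending keys already await certification")
        kid = os.urandom(4).hex()
        self.keys[kid] = NotesKey(kid, os.urandom(32), KeyState.PENDING)
        self.pending_id = kid
        return kid

    def accept_certified_keys(self) -> None:
        """User clicks OK on the new certificates: pending -> active, old active -> archived."""
        if self.pending_id is None:
            raise RuntimeError("no pending keys to activate")
        if self.active_id is not None:
            self.keys[self.active_id].state = KeyState.ARCHIVED
        self.keys[self.pending_id].state = KeyState.ACTIVE
        self.active_id, self.pending_id = self.pending_id, None

    def encrypt(self, plaintext: bytes) -> dict:
        """Encrypt under the active key only, recording which key was used."""
        if self.active_id is None:
            raise RuntimeError("no active key in ID file")
        key = self.keys[self.active_id]
        nonce = os.urandom(16)
        ks = _keystream(key.secret, nonce, len(plaintext))
        return {"key_id": key.key_id, "nonce": nonce,
                "ciphertext": bytes(a ^ b for a, b in zip(plaintext, ks))}

    def decrypt(self, doc: dict) -> bytes:
        """Decrypt with the key the document names, whether active or archived.
        Pending keys were never certified, so nothing may be read with them."""
        key = self.keys.get(doc["key_id"])
        if key is None:
            raise KeyError("key %s is not in this ID file" % doc["key_id"])
        if key.state is KeyState.PENDING:
            raise RuntimeError("pending keys are not usable until accepted")
        ks = _keystream(key.secret, doc["nonce"], len(doc["ciphertext"]))
        return bytes(a ^ b for a, b in zip(doc["ciphertext"], ks))


def demo_rollover() -> dict:
    """Walk one rollover and report the facts an administrator would want to verify."""
    idf = IdFile()
    idf.create_new_keys()
    idf.accept_certified_keys()                  # initial keys: active, nothing archived
    old_id = idf.active_id
    memo = b"constructed memo encrypted before rollover"
    doc = idf.encrypt(memo)

    new_id = idf.create_new_keys()               # policy trigger: new keys pending
    still_old = idf.encrypt(b"x")["key_id"]      # pending keys are not yet used
    idf.accept_certified_keys()                  # adminp certified; user clicked OK

    return {
        "old_state": idf.keys[old_id].state.value,
        "new_state": idf.keys[new_id].state.value,
        "encrypts_with_old_while_pending": still_old == old_id,
        "encrypts_with_new_after_accept": idf.encrypt(b"y")["key_id"] == new_id,
        "old_doc_still_readable": idf.decrypt(doc) == memo,
    }
```

Running demo_rollover() shows the old key ending in the archived state, the new key active, encryption staying on the old key while the new one is merely pending, and the pre-rollover memo still decrypting afterwards. Removing the archived key from the dictionary would make that last decryption raise KeyError, which is exactly the data loss the Note above warns against.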
To configure server key rollover
1. In the Server document, click Administration.
2. Under Public Key Requirements, complete the following fields:
4. Restart the server.
5. In the Domino Administrator, open the Administration Requests database.
6. In the Certify New Key Requests view, select the request for the server, and then click Certify Selected Entries.
7. In the Choose a Certifier dialog box, do one of the following:
9. In the Processing Statistics dialog box, verify that there are no failures and click OK.
10. At the server console, type "tell adminp process all" to complete the key certification processing.
11. Type "restart server." Restarting the server causes it to re-read its configuration and accept the newly certified keys.
Related topics