USER AND SERVER CONFIGURATION


Recertifying a certifier ID or a user ID
Use this procedure to recertify a certifier ID or a user ID with the same certifier ID that was used previously to certify the certifier ID or user ID. Certifier IDs are used to certify other certifiers, servers, and users. A certifier ID issues a certificate to another user, server or certifier that is on the hierarchical level immediately below the certifier. For example, in the Organizational Unit Sales/NYC/ACME, NYC is the certifier for Sales; ACME is the certifier for NYC. The Organization certifier, in this case ACME, can certify itself.

You can also recertify a user ID with a different certifier ID, that is, a certifier ID other than the one used to previously certify the user ID. Although recertifying a user ID with a different certifier is allowed, it is not recommended that you do so using this procedure. In this case, you are renaming the user, which is a very complex process involving changes to ACLs for various databases, changes to lists of group members, and other related entries. Recertifying a user ID with a different certifier does not invoke the Administration Process, so all changes need to be made manually. To recertify a user with a different certifier ID, we recommend using the Rename tool, and requesting a move to a new certifier.
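
The certifier relationship described above, as an added example (not part of the original documentation or of any IBM tool): a Python pre-flight check that derives the issuing certifier from a hierarchical name and reports whether a chosen certifier gives a same-certifier recertification or amounts to a rename. The function names, the sample user Jane Doe, and the Marketing OU are constructed for illustration.

```python
from __future__ import annotations

LABELS = {"CN", "OU", "O", "C"}  # canonical-format component labels


def components(name: str) -> list[str]:
    """Split an abbreviated or canonical hierarchical name into components.

    "/Sales/NYC/ACME" and "OU=Sales/OU=NYC/O=ACME" both give
    ["Sales", "NYC", "ACME"].
    """
    parts = []
    for part in name.strip().strip("/").split("/"):
        label, sep, value = part.partition("=")
        if sep and label.strip().upper() in LABELS:
            part = value  # drop the canonical label, keep the value
        part = part.strip()
        if not part:
            raise ValueError(f"empty component in {name!r}")
        parts.append(part)
    return parts


def issuing_certifier(name: str) -> str:
    """Return the certifier one hierarchical level above `name`."""
    parts = components(name)
    # The Organization certifier sits at the top and certifies itself.
    parent = parts[1:] if len(parts) > 1 else parts
    return "/" + "/".join(parent)


def check_recertify(subject: str, chosen_certifier: str) -> str:
    """Classify a planned recertification.

    "recertify": chosen certifier is the original issuer (this procedure).
    "rename":    a different certifier, which renames the subject and does
                 not invoke the Administration Process; use the Rename tool.
    """
    expected = [c.lower() for c in components(issuing_certifier(subject))]
    chosen = [c.lower() for c in components(chosen_certifier)]
    return "recertify" if chosen == expected else "rename"


if __name__ == "__main__":
    # Constructed sample inputs based on the Sales/NYC/ACME example.
    print(issuing_certifier("/Sales/NYC/ACME"))
    print(check_recertify("Jane Doe/Sales/NYC/ACME", "/Sales/NYC/ACME"))
    print(check_recertify("Jane Doe/Sales/NYC/ACME", "/Marketing/NYC/ACME"))
```
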

When you recertify an ID you can:


Types of IDs you can recertify

You can recertify any of the following types of IDs:


To recertify a certifier ID or a user ID

1. From the IBM® Lotus® Domino® Administrator, click Configuration.

2. From the tools pane, click Certification - Certify.

3. In the "Choose a Certifier" dialog box, make the following selections:
Field: Action

Server: Do one of these:
  • If you are using the Lotus Domino server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
  • If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.

Supply certifier ID and password: Choose the certifier ID that issued the original certificate. For example, to recertify the certifier ID for /Sales/NYC/ACME, choose the /NYC/ACME certifier ID, which is NYC.ID.
  • Click "Certifier ID" to select an ID other than the one displayed.
  • Enter the password for the certifier ID and click OK.
  Note: Although not recommended, you can choose a different certifier ID to recertify a user ID, instead of using the original certifying ID.

Use the CA process: Choose this option to use the server-based certification authority (CA).
  • Select a CA-configured certifier from the list and click OK.

4. In the "Choose ID to Certify" box, select the certifier ID or user ID that you want to recertify. For example, to recertify Sales/NYC/ACME, choose SALES.ID.

5. Enter the password and click OK.

6. In the Certify ID dialog box, complete the following fields as necessary:
Field: Enter

Current Server: The registration server for the current certifier ID. (nonmodifiable)

Current certifier: The name hierarchy of the certifier that issued the certificate. (nonmodifiable)

Expiration date: (Optional) Specify a certifier ID expiration date other than the default two years from the current date.

Primary key: The public half of the primary RSA key pair stored in the IBM® Lotus® Notes® ID file. This RSA key pair is used for electronic signatures on documents and certificates, and for mail encryption when both the sender and the recipient have a North American Notes license. This key pair is also used for network authentication. (nonmodifiable)

International key: The public half of the international RSA key pair. This key pair is used for mail encryption when either the sender or the recipient is running with an International Notes license. (nonmodifiable)

Subject name list: The certifier ID(s) you are working with.

Add: Click to add and certify an alternate name. Select the alternate language, country code (optional), and the organization identifier for the language.

Rename: Renames the alternate name selected in the Subject name list. This button is not available when recertifying user IDs. This button is enabled only when alternate languages have been assigned.

Remove: Removes the alternate name selected in the Subject name list.

Password quality: Move the slider to change the level of complexity and variety of characters entered for the password.

7. Click Certify.
