How to manually recertify an expired ID

Technote (FAQ)


Question

You have a Lotus Notes user ID that has expired and you would like to manually recertify it.

The ID can open Notes, because the password is valid, but the user cannot do anything else, because the certificate's end date has passed. If the user selects File -> Tools -> User ID -> Certificate -> Request Certificate, the following message displays:

Server Error: Your certificate has expired.


Answer

Administrator: Recertify user's ID
A user has a Notes ID that has an expired certificate. These steps are performed by the server administrator to correct the user's expired ID.

  1. After obtaining the user ID, you (as the administrator) launch the Lotus® Domino® Administration client.

  2. Open the Configuration tab, expand Certification (located in the right-hand pane) and select Certify.

  3. Select the Certifier ID file.

  4. From the Choose Certifier ID dialog box, select the O or OU certifier that was originally used to certify the user ID.

  5. Enter the password for the certifier ID.

  6. From the Choose ID to Certify dialog box, select the user ID to be recertified.

  7. Enter the password for the user ID to be recertified.

  8. [Optional] In the Certify ID dialog box, you may set or change the following:
    Registration server, expiration date of the certifier and password length.

  9. Click Certify.
    The Status window displays:
    Updating address book entry for username/org
    Successfully updated address book entry for username/org
    Username/org successfully certified

  10. Choose "No" when you receive the following dialog box:
    Would you like to certify another?

  11. Provide the newly-recertified ID file to the user.


User: Merge the new certificate
Once the administrator recertifies the safe.ID and returns the ID to the user, the user must perform the following steps:

  1. Select File -> Security -> User Security -> Your Identity -> Your Certificates -> Get certificates button -> Import (Merge) Notes Certificate.

  2. Enter password.

  3. The dialog box then prompts the user to choose the recertified safe.ID, which is then merged into the original user ID.


Administrator: Recertify an expired Server ID
If an administrator needs to recertify an expired Server ID, the following steps should be followed:

  1. Certify the server ID file by following the "Administrator: Certifying an expired server ID file" steps included below.

  2. Verify that the expiration date has been changed in the server.id file.

  3. From the administration client select Configuration -> Tools -> ID Properties, then select the Server ID file.

  4. Place the new server.id back on the server (c:\lotus\domino\data), and restart the server.

Administrator: Certifying an expired server ID file
These steps describe how to certify an expired server ID file.

  1. After obtaining the server ID (c:\lotus\domino\data is the default location), you (as the administrator) launch the Domino Administrator client.

  2. Open the Configuration tab, expand Certification (located in the right-hand pane) and select Certify.

  3. Select the Certifier ID file.

  4. From the Choose Certifier ID dialog box, select the O or OU certifier that was originally used to certify the user ID.

  5. Enter the password for the certifier ID.

  6. From the Choose ID to Certify dialog box, select the server ID to be recertified.

  7. Enter the password for the server ID to be recertified, if necessary (not all server ID files require a password).

  8. [Optional] In the Certify ID dialog box, you may set or change the following:
    Registration server, expiration date of the certifier and password length.
    The server.id file should have an expiration date 99 years in the future (default).

  9. Click Certify.
    The Status window displays:
    Updating address book entry for username/org
    Successfully updated address book entry for username/org
    Username/org successfully certified

  10. Choose "No" when you receive the following dialog box:
    Would you like to certify another?

  11. Copy the newly-recertified ID file to the server (c:\lotus\domino\data, by default).


Questions and answers

Q: If a user ID has expired, what must be done to recertify that user's ID file?

A: Expired IDs must be recertified manually. If the ID and the grace period have expired, the user will not be able to authenticate with any servers. As a result, the user will be unable to email a safe copy of the ID to the administrator. Therefore, the ID must be supplied through another means (for example, another user can email the expired ID to the administrator). The administrator must then recertify the ID manually, and can do this using the Server Administration panel with the Recertify... option under the People menu on the People and Groups tab. Using the Recertify option to make the change in the Person document in the Domino Directory requires that the user authenticate to pick up the new public key.


Q: What happens if a user with an expired ID connects to the server?

A: The client notifies the user via a dialog box that the certificate has expired. If the ID has expired and the user attempts to connect to the server, one of two things can happen:

1. If the certificates have not already been recertified prior to this point, the user will not be allowed to access the server until this is done (either manually or via adminp).
2. If the certificates were recertified prior to this but the user happens to be using an updated ID file, the server will automatically update the certificates on the ID.


Q: Suppose the same user connects three months later with an old copy of his/her ID which has also expired. Will the server allow access to it, and will the expiration date of this other copy of an expired ID be updated with new expiration dates?

A: Initially the user will receive an error message from the client stating that the certificate has expired. When the user authenticates with the server, the server will automatically update the public key stored in the ID file.


Q: Will this happen in perpetuity?

A: As long as the expiration date is current.

Document information

More support for: IBM Domino, Administration
Software version: 6.5, 7.0, 8.0, 8.5, 9.0
Operating system(s): Windows
Reference #: 1087566
Modified date: 2007-06-11
