Issuing a Vault Trust Certificate
You must issue a Vault Trust Certificate from a parent certifier of service users’ Notes ID files to the certifier of the service ID vault. This step is a prerequisite for user provisioning.
Before you begin
After you have configured your company account settings, wait for directory synchronization to replicate the service ID vault document to your on-premises directory. You can confirm that replication has completed in SmartCloud Notes® Administration. Click Account Settings, and then click Directory Sync Server. Under Sync Status, the status should be OK.
Make sure you have a local copy of the certifier ID file of the parent certifier that you will use to create the Vault Trust Certificate. For example, to issue a Vault Trust Certificate that applies to the user Samantha Daryn/Renovations, make sure you have a local copy of the certifier ID file for the /Renovations certifier.
About this task
If users are certified under an organizational unit (OU) certifier, you can use either the OU certifier or the top-level certifier to issue the Vault Trust Certificate. For example, if users are certified under the OU /North/Renovations, issue a Vault Trust Certificate from either /North/Renovations or /Renovations.
If your service users are certified under different top-level organization certifiers, you must issue a Vault Trust Certificate for each organization. For example, if some service users are certified under the organization /Renovations and others are certified under the organization certifier /ZetaBank, issue a Vault Trust Certificate from both organizations.
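The following planning script is an added example, not part of the IBM documentation: given a list of service users and the certifier ID files you hold locally, it works out which certifiers must issue a Vault Trust Certificate and which users are left without one. It assumes abbreviated Notes names with no country component; the function names, the `narrowest` option, and any sample names not used on this page are hypothetical.

```python
# Added example: plan which certifiers must issue a Vault Trust Certificate.
# Assumption: names are abbreviated Notes names without a country component,
# so the last "/"-separated part is the top-level organization.

def certifier_chain(user_name):
    """Return the user's ancestor certifiers, most specific first.
    'Samantha Daryn/North/Renovations' -> ['/North/Renovations', '/Renovations']"""
    parts = [p.strip() for p in user_name.split("/")]
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a hierarchical Notes name: {user_name!r}")
    units = parts[1:]  # drop the common name
    return ["/" + "/".join(units[i:]) for i in range(len(units))]

def plan_vault_trust(users, available_certifier_ids, narrowest=False):
    """Choose one issuing certifier per user from the ID files held locally.

    narrowest=False prefers the top-level certifier (fewest certificates);
    narrowest=True prefers the OU certifier, which authorizes fewer IDs.
    Returns (issuer -> users covered, users with no usable certifier)."""
    # Notes names compare case-insensitively; keep the caller's spelling.
    available = {c.lower(): c for c in available_certifier_ids}
    issuers, uncovered = {}, []
    for user in users:
        chain = certifier_chain(user)
        order = chain if narrowest else list(reversed(chain))
        match = next((c for c in order if c.lower() in available), None)
        if match is None:
            uncovered.append(user)
        else:
            issuers.setdefault(available[match.lower()], []).append(user)
    return issuers, uncovered

if __name__ == "__main__":
    # Constructed sample input using the organization names from this page.
    users = [
        "Samantha Daryn/Renovations",
        "Alex Kim/North/Renovations",
        "Pat Lee/ZetaBank",
    ]
    issuers, uncovered = plan_vault_trust(users, ["/Renovations", "/ZetaBank"])
    for certifier, covered in issuers.items():
        print(f"Issue from {certifier}: covers {len(covered)} user(s)")
    for user in uncovered:
        print(f"No local certifier ID covers {user}")
```

Any user reported as uncovered needs a local copy of one of the certifiers in that user's chain before provisioning can proceed.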
The Vault Trust Certificate certifies that the parent certifier of Notes user ID files trusts the service ID vault to store the ID files. ID files must be in the vault for administrators to reset the ID passwords for Notes client users. ID files must also be in the vault for web client users and mobile client users to be able to sign, encrypt, and decrypt messages.
Although all user IDs under the parent certifier that issues the Vault Trust Certificate are authorized for storage in the service ID vault, only the IDs of service users can be uploaded to the vault.
For more information about Vault Trust Certificates, see the information about ID vault trust in the IBM® Domino® documentation.
Perform the following steps to issue a Vault Trust Certificate.