Cross cert between 5.0.11 and 8.5

I need to run an 8.5 Domino web server as it is on a Windows 2008 server. I don't seem to be able to x cert between 5.0.11 and 8.5 so they can replicate.

Is this possible - if so how?

Thanks

Subject: You’re probably running into a key size issue

You’re probably running into a key size issue. Domino 5.0.x only supported 630-bit RSA keys, whereas Domino 8.5 supports up to 4096-bit RSA keys. Therefore, if the “target” on the 8.5 side is greater than 630 bits, the 5.0.x server won’t be able to cross-certify it, and won’t be able to parse a cross-certificate created by a newer version of Notes/Domino.

Subject: good to know there is a reason but is there a cure.

Thanks Dave - good to know there is a reason, but is there a cure? Can I get 8.5 to produce shorter keys?

Subject: Yes

You’re probably generating the default of 1024 bit RSA keys when registering new users in 8.5. You can select a smaller (630 bit) key size when registering new users and servers, and you can roll back the key sizes for existing 1024+ bit users and servers with user key rollover and server key rollover.

Subject: Excellent - how I did it in the end,

Thanks Dave.

Dug around and found the best way of doing it was to put

SETUP_FIRST_SERVER_PUBLIC_KEY_WIDTH=630

in Notes.ini before setting up the server.

Worked a treat.

http://www-12.lotus.com/ldd/doc/domino_notes/7.0/help7_admin.nsf/Links/H_SERVER_SETUP_OVER

Subject: Sorry wrong forum