NOTE: This is a re-post from the Notes/Domino 8 forum
To all:
I am a developer (since 1993) with just enough admin knowledge to be dangerous.
Our production environment is Windows 2000 running Domino 7.0.2 and all of our users are web users registered via the CertPub process. I recently inherited the system and am trying to move it to a new server with an up-to-date OS and Domino version. Our new environment, still in testing, is Windows Server 2008 running Domino 8.5 for Windows/64.
Our users hit the new server via a web browser, are prompted to select a certificate, but for some reason, they are not authenticated, so they are routed to the LoginCert in CertPub. My predecessor’s code automatically redirects their browser to another resource, but because they were not authenticated, they are redirected back to LoginCert – an infinite loop. IBM support recommended that I make the following assignment in the Notes.INI:
SET CONFIG NoWebClientCertLookup=1
Yes, that stopped the infinite loop, but also stopped the authentication. We spent several hours on the issue yesterday, and IBM support is presently researching the issue.
I found an IBM Authorized Program Analysis Report (APAR) on the web, entitled “LO40382: PUBLISHING THIRD-PARTY CA CLIENT CERTIFICATES NOT WORKING”, that seems to describe the issue: http://www-01.ibm.com/support/docview.wss?uid=swg1LO40382
Their conclusion, dated March 6, 2010, is: The problem will be fixed in the next release of the product. I certainly hope that that is not the case – unless the next release is today.
If we do not find a solution soon, time constraints will force me to re-build the new server as a Domino 7.0.2 box. I appreciate any insights that anyone might have.
Sincerely,
Joseph Davoli