Error processing certificate created by /OurOrg for Steve Davis/OurOrg: The signature on the certificate was found to be invalid

I am one of two Domino administrators for our organization. This morning when I tried to access our servers, I received the error message:

Error processing certificate created by /OurOrg for Steve Davis/OurOrg: The signature on the certificate was found to be invalid. Check the log file for details.

I could not access any servers. After a couple of hours of trying different things, I had our other administrator recertify my ID file. After he did so, I was able to access the servers, but I continually receive this error message (10 to 20 times in a row) when opening a database or a document:

Error processing certificate created by /OurOrg for /OurOrg: The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

Failed to authenticate with server ewMail/OurOrg: The subject’s public key found in the certificate is not the one stored in our ID file for that entity. Check the local log file for details.

Other clues:

When the other administrator tries to open any document signed by our mail server, he gets an ECL prompt saying that the document is not signed and does he trust it.

When I tried to re-sign design elements using the server.id, it failed:
Title: Administration Requests (R5) Path: admin4.nsf; Error: The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

Does anyone know how we can resolve this? I don’t know of any changes that were made last week. The week before we applied some hotfixes for the servers (8.5 HF374).

Thanks for any help.

Steve

Update:

I tried recertifying two servers and this is the result in the log:

05/18/2009 01:00:41 PM Error processing certificate created by /OurOrg for /OurOrg: The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

05/18/2009 01:00:41 PM Admin Process: Received the following error performing a Modify CA Configuration in Domino Directory request on /OurOrg (Path: admin4.nsf): The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

05/18/2009 01:04:18 PM Error processing certificate created by /OurOrg for /OurOrg: The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

05/18/2009 01:04:18 PM CA Process (O=OurOrg): Error processing certificate request: The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

05/18/2009 01:04:19 PM Error processing certificate created by /OurOrg for /OurOrg: The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

05/18/2009 01:04:19 PM CA Process (O=OurOrg): Error processing certificate request: The subject’s public key found in the certificate is not the one stored in our ID file for that entity.

Subject: RE: Error processing certificate created by /OurOrg for Steve Davis/OurOrg: The signature on the certificate was found to be invalid.

Hi Steve,

Just want to know if you ever got a solution to solve this problem you posted. We are having exactly the same problem now and haven’t been able to figure it out yet.

Kindly let me know how you were able to resolve the issue. You can reach me at umechima@yahoo.com

Thanks in anticipation.

Austine

Subject: Check certifier public key

Can you check that the certifier public key stored in the directory matches the certifier’s public key in the certifier ID file?

Subject: If certifiers match…

Open a PMR, so support can gather your configuration.

Subject: Question on this

Do you know if an admin did a Key Rollover two years ago? If so, this would happen and IBM will tell you to recreate your Domain. You don’t have to recreate it to fix it.

Subject: Same Problem

Hi @all,

We have got the same problem.

We rolled over our keys (cert and server IDs) in June.

The users can work, but when rolling a user over, the keychain will break, because the O and OU certification entries won't get updated in the user's ID file.

It won't help to recert a user with his/her OU cert with adminp. The only way to get out of it is to recert the users with the O certifier and after that back with the OU certifier (adminp way) or to recertify the user's ID file manually (Domino Admin) with the OU certifier. After that, the user's ID file can be rolled over.

But there is still the error “Error processing certificate created by /O for /OU/O The signature found in the certificate is invalid.”

Maybe recreating the personal address book helps (http://www-01.ibm.com/support/docview.wss?uid=swg21257468). Are there any people out there who fixed that error?

Thanks for your help.

Sebastian Spudik