Error Updating Certifier ID - The public key that is being used does not match the one that was certified

hcl-bot · June 2, 2003, 6:49am

I am running a 6.0.1CF1 client and a 5.0.12 server cluster.

The following error has only started happening since installing the ND6 client. It occurs after entering the cert.id password when registering new users. User registration was fine with the R5 client. Clicking Yes allows me to continue and register a new user with no apparent problems. That user can then go on to use our notes system without any difficulties (well no more that the average user!).

I am concerned that this error could be saving up trouble for a rainy day, and that it will come back and bite big style some time in the future. Does anyone know what it indicates, how it might have happened, what the implications could be, and how I might resolve it?

------error message begins here--------

Error Updating Certifier ID

The following error occurred while trying to update the certificates stored in the Certifier ID with those from the directory on the server you selected:

The public key that is being used does not match the one that was certified.

Do you wish to continue without updating the Certifier ID?

-------end error------------

hcl-bot · June 2, 2003, 7:13am

Subject: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

Yes , we had the same problem. It seems that the certifier document was NOT in the DD anymore. We created a new one pasted the public key of the certifier in it and it worked again. How did this happen - don’t know…It was also with a R6 cient on a R5 server

If you find some more info, will you let me know?

FORGOT:

the only line which differs from our error message is:“The public key that is being used does not match the one that was certified” which is replaced by “Entry not found in index”.

So your certifier doc maybe still there but has a wrong key in it…?

hcl-bot · June 2, 2003, 7:32am

Subject: RE: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

I think we’re certainly looking at similar problems.

In the DD under certificates/Notes certifiers, I have 2 entries

One is /UKJV - Which is the notes domain that the cert ID belongs to. It contains a public key that is different to the one on the cert.id file.

The other is wrong I am sure, it just identifies itself as cert, and does not contain any certificate. I think I can safely delete this one, but I also think it is not related to our problems.

So I have different certified public keys in the DD and the cert.id. The question is, which one do I replace, and what will happen when I do?

hcl-bot · June 2, 2003, 7:35am

Subject: RE: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

Before you begin, be sure to have a backup somewhere so you can restore the ‘old’ certifier docs, in case…

Do you use OU’s or is /UKJV your only certifier?

“The other is wrong I am sure, it just identifies itself as cert” - Don’t understand this

hcl-bot · June 2, 2003, 8:35am

Subject: RE: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

No OU’s /UKJV is the only certifier.

In the DD we have 2 entries for notes certifiers, one is known as /UKJV, the other is just called cert. I think it may have been created by someone who used to be the notes admin here. I cannot see any use for it.

hcl-bot · June 2, 2003, 8:42am

Subject: RE: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

Well, copy/paste the public key from your cert.id into the certifier document in the DD.

Remember the backup

hcl-bot · June 2, 2003, 9:28am

Subject: RE: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

Well, I’ve done as you suggested. The error no longer occurs when trying to register a new user. Just have to wait and see if anything else fails now.

Thanks for your help and advice.

hcl-bot · August 6, 2003, 9:33am

Subject: RE: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

How do you copy the key information form the id file? It looks like trash to me and not the nice format of numbers that I see in the DD doc.

hcl-bot · August 20, 2003, 1:37pm

Subject: RE: Error Updating Certifier ID - The public key that is being used does not match the one that was certified.

ProblemThe Administration Process (AdminP) fails while trying to complete the first step in the Renaming a Person process. The error register in the Administration Process register is:

“A Required Certifier Was Not Found in the Address Book.”

From the KBase

An error message in the log will state which certifier was not found in the Address Book. For example:

“Error locating an address book entry for the certifier /OU=ORGUNIT/O=ORG Entry not found in index.”

“File name: NAMES.NSF, a required certifier entry was not found in the NAB.”

The problem is that the Address Book does not contain an entry for this certifier. To fix this issue:

Create the missing Certifier document in the Public Address Book on the Administration Server. Under the Server Certificates view, click “Add Certifier”. Be sure to start the certifier name with a forward slash “/”.
Add the public key from the corresponding ID file by copying the public key for the appropriate certifier ID file and pasting it into the new Certificate document. Select File, Tools, Server Administration, ID file. Select the appropriate certifier ID to open. Under More Options, choose Copy Public Key and paste the public key into the new Certificate document.
Rebuild the index of the view in the Address Book:

load updall names.nsf -r -t $certifiers

Edit the failed entry in the Administration Request database. Check the “Perform request again” box and save the document.
AdminP will continue with the Rename Person document.