IBM Domino Notes cross certificate

hcl-bot · June 30, 2015, 4:50am

Hi,

I have installed Domino Server-64but and Domino Notes and Domino Administrator (9.0.1). I want to create a cross certificate using Domino administrator. My domino server is running as an HTTP server and then when i connect to administrator I skipped the initial connection wizard to connect to domino server and now when i try to connect via client reconfiguration wizard ,its showing me the server domino directory does not have cross certificate to authenticate you. Also , in certifiates tab , i can see 2 cross certificates of mine. But when i go to policy setting of IBM notes under security and in that key and certificates tab–> update links, i cant see any notes cross certificates.

Also in contacts–> advanced–>Certificates , i can see a drop down for Notes cross certificates and it shows my certificates…but it does not get applied for my server. Do i need to copy any …id file to local Domino directory from Notes data directory?

Also in Domino administrator , i can see my server as only Local and cannot see the actual name of the server and as stated above when i try to connect to it , it shows that i do not have cross certificates. Moreover, even i try to connect my 64bit domino server, it does not take the server and still states it as local. The same settings on 32bt domino server , works fine. I want to know if Domino 64bit works on Notes 32bit and Domino Administrator.

Please let me know, how shall i move ahead…

hcl-bot · June 30, 2015, 10:04am

Subject: Is this a new server?

I’m a little confused about the description of the problems. It sounds like you have a chicken-or-egg scenario in that you need a cross-certificate to access your Domino server, but you need to access the Domino server to create the cross-certificate. Do you not have the administrator ID created when you set up the first server in the domain? If you do, switch to that to access the server and create the cross-certificate.

There must be a valid cross-certificate in the server address book granted by the server’s certifier to one of your ID’s certifiers or your ID specifically. If you don’t have the original admin ID, you can still create the cross-certificate if you have access to the Domino server’s certifier ID. You’ll just need to create it with the registration server set to local (you can’t access the server yet) and then bring down Domino and open the server names.nsf locally. Copy the cross-certificate created above (it will be in your client names.nsf) to the server names.nsf, close the server names.nsf, and restart Domino.

hcl-bot · July 2, 2015, 2:28am

Subject: Domino partition additional server setup

Thank you for the assistance. I reinstalled the whole setup as i found that the admin.id file is not locally saved for future use. Now in domino admin app, i am connected to my server. So,when installing this time, i selected the option to locally save the ID file