Quick info? Cross certification among two different Domino domains

I am trying to cross certify two different domains. Though they have different certifiers, they do have the same name.

After creating cross certificates within both domains, I get errors while accessing a server in one domain from the other one: ‘Public key that is being used does not match the one that was certified’ and ‘The certificate table does not contain enough valid certificates to verify the public key of it owner’.

Maybe because of the same domain name, it might be failing to cross certify to each other, or I might be wrong somewhere while creating the cross certificates. If so, then could you please provide me an exact procedure for doing cross certification at the Organization level?

Please suggest as early as possible, as this is a production issue.

Subject: Quick info? Cross certification among two different domino domain…

Cross certification could be a little problematic sometimes.

Check if you have the Notes certificate in both servers’ names.nsf, and also the cross certification certificates. (I mean copy one to one server’s names, and the second one to the first, so they share it.)

Now if that doesn’t help, copy the server documents from one server to another.

Then, check if you have the servers added in the “who can access this server”. If they are in a group, add them in the Server/ORG form, since I had problems before if it was a group instead of the server name.

PS. The best would be to not have matching ORG names, but I think I made it once in the past.

How many servers do you have? Did you consider migrating the servers to the other domain?

Subject: RE: Quick info? Cross certification among two different domino domain…

We have 2 servers in the other domain. The problem here is we were supposed to create the servers in the existing domain, but they got created in a new Domino domain with the same name. Now one secondary directory, which is available in the original domain, is not available in the new domain. So now we have to make it so that, without setting up the new servers again in the original domain, both domains can talk to each other without any issue and replication can happen easily for the secondary NAB among them.

Subject: RE: Quick info? Cross certification among two different domino domain…

Alright, I see the problem now. The strange thing is how the servers got created in a different certifier. Did you use a test server or something like that? Or create a new one with the same name?

Anyway, did you try anything from my previous post?

I would really suggest studying the possibility of recertifying both servers and users, but if that’s not an option, I guess you can try to make this work.

Did you copy both Notes certificates between names, server documents, cross certificate documents?

Do the servers have administrator access between them?

Subject: RE: Quick info? Cross certification among two different domino domain…

Hi Sebastian, thanks for your reply.

We tried to do cross certification as suggested by you. Now ultimately we have decided to register new server IDs for those two servers in our old domain. We decided to do as follows:

  1. Registration of server IDs in the old domain.

  2. Removing all but the first three lines from notes.ini of the affected server.

  3. Renaming the current names.nsf and IDs to .old

  4. It will let us go through the configuration part again, where we will specify the new server ID as an additional server.

  5. Signing the current app databases with the old domain ID and app testing.

We have performed these steps on staging and they are working perfectly.

Anyway, many thanks for your kind reply with all your suggestions.