Hello,
Our company wants to implement one signature policy to sign all dbs with one common id. The preference is given to using server id for this.
Reason - simple activity as you don't need to share the server id with the team - you can directly request a sign db request through AdminP request.
However we are not sure if this could have any major impacts and whether using server id is best practice.
We already have existing apps which are signed by various signatures and now we want a proper signature policy implemented.
Subject: See my response to your question in the ND6/7 forum
I'd recommend using a special purpose ID... (Dave Kern 05/07/2009)
Subject: I agree with Dave
Hi Amit,
I’m also of the opinion that a special database signing ID is the best policy.
I found item 21 on Julie Kadashevich’s Agent FAQ to be really helpful on this subject:
http://www-10.lotus.com/ldd/46dom.nsf/55c38d716d632d9b8525689b005ba1c0/574c99ccb345839185256976004e811e?OpenDocument
(It’s the one entitled “Tempted to sign agents with server id? Read about the drawbacks:”)
If you folks do decide to go the single signing ID route, we here at Ytria have a tool called signEZ that offers secure ID delegation and command line support for batch signing.
There’s a free Lite version that does not give you the ability to delegate, but I think it’s quite handy nevertheless because it still lets you audit the signature status of all of a database’s designs.
Here’s the url:
Good luck,