Use this procedure to recertify a certifier ID or a user
ID with the same certifier ID that was used previously to certify
the certifier ID or user ID. Certifier IDs are used to certify other
certifiers, servers, and users. A certifier ID issues a certificate
to another user, server or certifier that is on the hierarchical level
immediately subordinate to the certifier. For example, in the Organizational
Unit Sales/NYC/RENOVATIONS, NYC is the certifier for Sales; RENOVATIONS
is the certifier for NYC. The Organization certifier, in this case
RENOVATIONS, can certify itself.
About this task
You can also recertify a user ID with a different certifier
ID, that is, a certifier ID other than the one used to previously
certify the user ID. Although recertifying a user ID with a different
certifier is allowed, it is not recommended that you do so using this
procedure. In this case, you are renaming the user, which is a very
complex process involving changes to ACLs for various databases, changes
to lists of group members, and other related entries. Recertifying
a user ID with a different certifier does not invoke the Administration
Process, so all changes need to be made manually. To recertify a user
with a different certifier ID, we recommend using the Rename tool,
and requesting a move to a new certifier.
When you recertify
an ID you can:
- Provide a new expiration date for certificates about to expire
- Add a new alternate name to the certifier ID
- Change the minimum password quality
You can recertify any of the following types of IDs:
- Organizational unit
- Server
- User
- Organization certifier (when it is used to certify itself)
Procedure
- From the Domino® Administrator,
click Configuration.
- From the tools pane, click .
- In the Choose a Certifier dialog
box, make the following selections:
Table 1. Certifier
selection options
| Field |
Action |
| Server |
Do one of these:
- If you are using the Domino server-based
CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
- If you are supplying a certifier ID, select the server that is
used to locate the list of certifiers so that the Certifier ID file
can be updated with the latest set of certificates for itself and
all of its ancestors. This is also the server on which CERTLOG.NSF is
updated.
|
| Supply certifier ID and password |
Choose the certifier ID that issued the original
certificate. For example, to recertify the certifier ID for /Sales/NYC/RENOVATIONS,
choose the /NYC/RENOVATIONS certifier ID, which is NYC.ID.
- Click Certifier ID to select an ID other
than the one displayed.
- Enter the password for the certifier ID and click OK.
Note: Although not recommended, you can choose a different certifier
ID to recertify a user ID, instead of using the original certifying
ID. |
| Use the CA process |
Choose this option to use the server-based
certification authority (CA). Select a CA-configured certifier from
the list and click OK. |
- In the Choose ID to Certify box,
select the certifier ID or user ID that you want to recertify. For
example, to recertify Sales/NYC/RENOVATIONS, choose SALES.ID.
- Enter the password and click OK.
- In the Certify ID dialog box, complete the following fields
as necessary:
Table 2. Certify ID options
| Field |
Enter |
| Current® Server |
The registration server for the current certifier
ID. (nonmodifiable) |
| Current certifier |
The name hierarchy of the certifier that issued
the certificate. (nonmodifiable) |
| Expiration date |
Specify a certifier ID expiration date other
than the default two years from the current date. |
| Primary key |
Public half of the primary RSA key pair stored
in the Notes® ID file. This
RSA key pair is used for electronic signatures on documents and certificates,
and on mail encryption when both the sender and the recipient have
a North American Notes license.
This key pair is also used for network authentication. (nonmodifiable) |
| International key |
The public half of the international RSA key
pair. This key pair is used for mail encryption when either the sender
or recipient are running with an International Notes license. (nonmodifiable) |
| Subject name list |
Certifier ID(s) you are working with. |
| Add |
Click to add and certify an alternate name.
Select the alternate language, country code (optional), and the organization
identifier for the language. |
| Rename |
Rename the alternate name selected in the Subject
name list. This button is not available when recertifying user Ids.
This button is enabled only when alternate languages have been assigned. |
| Remove |
Removes the alternate name selected in the
Subject name list. |
| Password quality |
Move the slider to change the level of complexity
and variety of characters entered for the password. |
- Click Certify.