Recertifying a user ID

Before a user ID reaches its expiration date, recertify the user ID using the original certifier ID. The user ID is recertified without renaming the user.

Before you begin

To recertify a user ID, you must have:
  • Author with Create documents access and the UserModifier role, or Editor access to the Domino® Directory
  • At least Author with Create documents access to the Certification Log (CERTLOG.NSF)

About this task

Use the Certificate expiration view to determine which certifiers need to be recertified. Access this view from Files > Certlog.nsf > By Expiration date. All certifiers are listed by expiration date.

To recertify a user ID using a certifier other than the certifier used to create the user ID, you need to move a user name in the name hierarchy.

Follow these steps to use the Administration Process to recertify a hierarchical ID that is about to expire.

Procedure

  1. From the Domino® Administrator, click the People & Groups tab.
  2. Select the user or users to be recertified with the same certifier.
  3. From the Tools pane, select People > Recertify.
  4. Complete these fields:
    Table 1. Recertification options

    Field

    Action

    Server

    Do one of these:

    • If you are using the Domino® server-based CA, choose the server that is used to access the Domino® Directory to look up the list of certifiers.
    • If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.

    Use the CA process

    Choose this option if you have configured the Domino® server-based CA. Select a CA configured certifier from the list and click OK.

    Supply certifier ID and password

    Choose this option if you are using a certifier ID and password.

    • Choose the certifier ID that certified the user's ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
    • Click Certifier ID to select an ID other than the one displayed.
    • Enter the password for the certifier ID and click OK.
  5. Verify the certifying ID information and complete the following fields:
    Table 2. Scheduling and other options

    Field

    Action

    New certificate expiration date

    Specify a certifier ID expiration date other than the default two years from the current date.

    Only renew certificates that will expire before

    Enter a date to recertify only a subset of selected user IDs, according to their current expiration dates.

    Inspect each entry before submitting request

    Select the option to edit or inspect each entry before submitting the request if you want to view each certificate before it is renewed.

  6. If you selected the option to view each entry prior to its being submitted, the Recertify User dialog box appears with non-modifiable information in the primary and common name fields. Review the information that displays, then select one of the following:
    • OK - to submit the name change.
    • Skip - if you are recertifying more than one user ID and you want to continue to the next without submitting a recertification for the current name.
    • Cancel Remaining Entries - to cancel this recertification, as well as those for any other names you selected and have not yet submitted.
  7. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. Click OK. If any fail, check the Certifier Log (CERTLOG.NSF) to determine the reason for the failure.