Creating a new Notes public key and adding it to the Domino Directory

The process for creating a new HCL Notes® public key differs, depending on which version of HCL Domino® you use.

About this task

Use the key rollover process for creating new public keys through a security settings policy document. Users can also trigger key rollover through the User Security dialog box.

To create a new Notes public key

About this task

The ID owner performs these steps.

Procedure

  1. Choose File > Security > User Security.
  2. Type the password (if required).
  3. Click Your Identity > Your Certificates.
  4. Click Other Actions > Create New Public Keys.
  5. In the Create New Public Keys dialog box, users can choose the new key strength and the method for requesting the certificate.
  6. If the user chooses Authentication Protocol, then the next time the user authenticates with their home server, the keys are created and the certificate request is automatically entered into the server's Administration Requests database.

What to do next

At this point, the administrator needs to complete the certification process as described in User and server key rollover."

  1. If the user chooses Mail Protocol, then the keys are created immediately, and the New Public Keys Confirmation dialog box appears.
  2. In the New Public Keys Confirmation dialog box, click Continue to use Notes mail to send your request for adopting new public keys.
    Note: If you want to create a new public key without using Notes mail, click Export ID to create a safe copy of your ID file, and then click Do not continue. Use another e-mail program to send the exported file to the administrator.
  3. In the Mail New Public Key Request dialog box, address the request to one of the following:
    • The certification administrator for the certifier.
    • The certifier -- for example /East/Renovations. Domino mails the request to the person indicated in the Administration section of the corresponding Certifier document in the Certificates view of the Domino Directory.
  4. Click Send.

To recertify the ID with a Notes certificate and add the Notes public key to the Domino Directory

About this task

The certification administrator performs these steps.

Procedure

  1. Open the certification request in your mail file.
  2. Choose Actions > Certify Attached ID File.
  3. Select whether to use a server-based certification authority or the certifier ID, and click OK.
  4. If you chose to use the certifier ID, enter the password for the ID, and click OK.
  5. Optional: Change the expiration date for the certificate.
  6. Optional: Click Add to specify alternate user name information.
  7. Optional: Specify a minimum password length.
  8. Click Certify. The ID owner's name appears in the To field and explanatory text appears in the Subject field of the Mail Certified ID dialog box.
  9. Click Send.

To merge the new Notes certificate with the ID

About this task

The ID owner performs these steps.

Procedure

  1. Choose File > Security > User Security.
  2. Click Your Identity > Your Certificates.
  3. Click Get Certificates, and then click Import (Merge) Notes Certificates.
  4. Select the recertified ID sent to you by the certification administrator, and then click OK.

To verify a Notes public key

About this task

Verifying Notes public keys against those in the HCL Domino Directory helps prevent an unauthorized user or server from accessing another server.

Procedure

  1. From the Domino Administrator, click Configuration and open the Server document for the server.
  2. Click Security.
  3. In the Security Settings section, select one of the following in the Compare public keys field:
    • Enforce key checking for all Notes users and Domino servers-- check all users' public keys
    • Enforce key checking for Notes users and Domino servers listed in trusted directories only - only check public keys for users listed in the Domino Directory.
    • Do not enforce key checking - select only if you do not want to verify users public keys
  4. Select one of the following in the Log public key mismatches field:
    • Log key mismatches for all Notes users and Domino servers -- to list any public key mismatch in the log
    • Log key mismatches for all Notes users and Domino servers in trusted directories only -- only log mismatches for users listed in the Domino Directory
    • Do not log key mismatches
  5. Save the document.
  6. Restart the server so that the changes take effect.