Setting up ID recovery

Before users can recover their ID files, you must set up ID recovery. Perform these steps before anyone loses or corrupts an ID -- ideally before you begin registering users.

Procedure

  1. From the Domino® Administrator, click Configuration, and then click Certification.
  2. Click Edit Recovery Information.
  3. In the Choose a Certifier dialog box, if the correct server name does not appear, click Server and select the registration server name from the Domino® Directory.
  4. Choose the certifier for which you are creating recovery information.
    • If you are using a server-based certification authority, click Use the CA process and select a certifier from the drop-down list. You must be a Certificate Authority (CA) administrator for the certifier in order to change ID recovery information.
    • If you are not using a server-based certification authority, click Supply certifier ID and password. If the certifier ID path and file name do not appear, click Certifier ID, select the certifier ID file, and enter the password.
  5. Click OK. The Edit Master Recovery Authority List dialog box appears.
  6. Enter the number of recovery authorities that are required to recover an ID file. It is recommended that you choose at least three.
  7. Select the length of the recovery password from the drop-down list. The default is 16 characters.
  8. Click Add and select the names of the administrators who are the designated recovery authorities.
  9. Determine whether you want to use an existing mailbox for recovery information or create a new one.
    • If you have a mail or mail-in database already set up for recovery information, select I want to use an existing mailbox. Click Address and select the database from the Domino® Directory.
    • If you want to create a new database to store recovery information, select I want to create a new mailbox. In the Create New Mailbox dialog box, enter the name of the server on which the database is to be created, and the database title. You can use the file name that is created from the database title, or you can create a new one.
  10. In the Custom Recovery Message field, type a customized message for the Enter passwords dialog box that appears during the ID recovery process. For example, you may want to specify help desk contact information. Message length is limited to 512 characters.
    Note: Whenever you make changes in this dialog box, the Export button is disabled. You cannot export recovery information until you save the new or updated information.
  11. Click OK.
  12. If you are using a server-based certification authority, at the server console type:
    load ca

    This starts the CA process with the new recovery information, or refreshes it if it is already running. Then, to process the request to add recovery information to the certifier, type:

    tell adminp process all

  13. In the mail-in database ACL, set the -Default- access to No access and give administrators Reader access.
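
One way to verify step 13 afterwards, as an added LotusScript agent that is not part of the original procedure or of the product documentation: it reads the ACL of the recovery mail-in database and reports entries that differ from what the step asks for. The server name, database file name and administrator names are constructed placeholders.

```lotusscript
Option Declare
' Placeholders assumed for this example; replace with your own values.
Const RECOVERY_SERVER = "Server1/Example"
Const RECOVERY_DB = "idrecovery.nsf"

Function Canon(n As String) As String
	' Normalise a name so abbreviated and canonical forms compare equal
	Dim nn As New NotesName(n)
	Canon = LCase(nn.Canonical)
End Function

Sub Initialize
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim admins(1) As String, isAdmin As Boolean, findings As Integer
	admins(0) = "Admin One/Example"   ' constructed recovery authority names
	admins(1) = "Admin Two/Example"

	Set db = session.GetDatabase(RECOVERY_SERVER, RECOVERY_DB, False)
	If db Is Nothing Then
		Print "Cannot open " & RECOVERY_DB & " on " & RECOVERY_SERVER
		Exit Sub
	ElseIf Not db.IsOpen Then
		Print "Database handle returned but not open: " & RECOVERY_DB
		Exit Sub
	End If
	Set acl = db.ACL
	Set entry = acl.GetFirstEntry
	Do Until entry Is Nothing
		isAdmin = False
		ForAll a In admins
			If Canon(CStr(a)) = Canon(entry.Name) Then isAdmin = True
		End ForAll
		If entry.Name = "-Default-" Then
			If entry.Level <> ACLLEVEL_NOACCESS Then
				findings = findings + 1
				Print "FINDING: -Default- has level " & entry.Level & ", expected No access"
			End If
		ElseIf isAdmin Then
			If entry.Level <> ACLLEVEL_READER Then
				findings = findings + 1
				Print "FINDING: " & entry.Name & " has level " & entry.Level & ", expected Reader"
			End If
		ElseIf entry.Level > ACLLEVEL_NOACCESS Then
			' Not named in step 13; listed for manual review, not counted
			Print "REVIEW: " & entry.Name & " has level " & entry.Level
		End If
		Set entry = acl.GetNextEntry(entry)
	Loop
	Print "Recovery database ACL check finished, findings: " & findings
End Sub
```

Levels are printed as the numeric ACLLEVEL_ values (0 is No access, 2 is Reader). Entries reported as REVIEW are ones the step does not mention, such as server groups, and need a manual decision.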

Results

If you have created additional O-level Notes® certifiers, be sure to cross-certify them with the initial Notes® certifier prior to setting up recovery information.