Setting up authentications on your Lotus Domino server

Learn the steps you'll need to take to authenticate your Lotus Domino server through digital certificates.

The following is tip #14 from "Managing Lotus Domino servers -- 15 tips in 15 minutes," excerpted from Chapter 14 of the book Lotus Notes and Domino 6 System Administrator Exam Cram 2, published by Sams Publishing.


For Domino organizations to be capable of exchanging data, they must share a common certificate. This is accomplished by using an organization certifier ID file. Cross-certifying a user or server ID with an organizational certifier guarantees that both IDs have a common certificate. Domino uses two types of certifier IDs related to organizations:

  • Organization certifier ID: The default name for this ID file is CERT.ID. This ID file is created when the server is deployed. This ID typically includes the company name and is the highest point on the hierarchy tree.

  • Organization unit certifier IDs: This level of organizational certifier is typically used to delineate the next level on the hierarchy tree, usually identifying county or department names.
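The hierarchy described above shows up in Domino's canonical hierarchical names (CN, up to four OU levels, O, optional C). The following added example, which is not from the book, walks a name up to its certifiers and reports whether two IDs descend from a common one or would need cross-certification. The names are constructed samples, and comparing names is only a planning aid: the server authenticates against the certificates stored in the ID files, not the name strings.

```python
# Added illustration; all names used with it are constructed samples.

def certifier_chain(canonical_name):
    """Return the certifier names above an ID, nearest first.

    "CN=Mail01/OU=Sales/O=Acme/C=US" ->
    ["OU=Sales/O=Acme/C=US", "O=Acme/C=US"]
    """
    comps = []
    for part in canonical_name.split("/"):
        key, sep, value = part.strip().partition("=")
        if not sep or not value.strip():
            raise ValueError(f"malformed component in {canonical_name!r}")
        comps.append((key.strip().upper(), value.strip()))
    keys = [k for k, _ in comps]
    if keys[0] != "CN" or keys.count("O") != 1:
        raise ValueError(f"not a hierarchical name: {canonical_name!r}")
    o = keys.index("O")
    # Between CN and O only OU components are allowed (at most four);
    # after O only an optional country code.
    if any(k != "OU" for k in keys[1:o]) or o - 1 > 4:
        raise ValueError(f"bad organizational units in {canonical_name!r}")
    if keys[o + 1:] not in ([], ["C"]):
        raise ValueError(f"unexpected components after O in {canonical_name!r}")
    joined = [f"{k}={v}" for k, v in comps]
    return ["/".join(joined[i:]) for i in range(1, o + 1)]


def common_certifier(name_a, name_b):
    """Nearest certifier both names descend from, or None."""
    chain_b = {c.casefold() for c in certifier_chain(name_b)}
    for cert in certifier_chain(name_a):
        if cert.casefold() in chain_b:
            return cert
    return None


def needs_cross_certificate(name_a, name_b):
    """True when the two names share no certifier in their hierarchies."""
    return common_certifier(name_a, name_b) is None


if __name__ == "__main__":
    a = "CN=Mail01/OU=Sales/O=Acme/C=US"
    for b in ("CN=Hub01/OU=IT/O=Acme/C=US", "CN=Gateway/O=Partner"):
        print(b, "->", common_certifier(a, b) or "cross-certificate needed")
```
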

Creating a new organization certifier ID

To create a new organization certifier ID, follow these steps:

  1. Using the Administrator client, select the Configuration tab and open the Tools pane. Select Registration, and then click Organization from the menu; the Register Organization Certifier dialog box appears.

  2. Enter the organization name and choose a country code (the latter is optional).

  3. In the Certifier Password field, enter a new password that will be required when certifying IDs for the new organization.

  4. Use the Password Quality slider to determine the quality of password security to assign to the ID file. The default location of the slider is to the extreme left, which is no password and a value of 0. Sliding the bar to the extreme right forces a very strong password and a value of 16. Although a very strong password is optimal for servers, a password will then be required at the console each time the server is loaded, before the server will start.

  5. In the Security Type field, choose North American or International.

  6. In the Mail Certification Requests To field, choose Administrator.

  7. Optionally, add a location and comments.

  8. Click Register to create the new certifier ID.

Creating a new organizational unit ID

To create a new Organizational Unit ID, complete these steps:

  1. Using the Administrator client, select the Configuration tab and select the Server document for the server to be recertified.

  2. Open the Certification menu selection under the Tools pane and select Organization Unit; the Register Organization Certifier dialog box appears.

  3. Click the Server button to select the Registration server and click OK. You are then presented with two options:

    • Supply Certifier ID and Password: A file navigation box appears when this option is selected. Navigate to the required certifier ID and select OK. If you choose this option, go to step 4.

    • Use the CA Process: This option allows the administrator to recertify the ID without having access to the certifier ID or the certifier password. A drop-down box is provided to allow the administrator to select a CA-configured certifier from the ones available on the server.

  4. If you chose Supply Certifier ID And Password in step 3, a dialog box appears requiring the certifier password. Enter the password and select OK; the Register Organizational Unit Certifier dialog box appears.

  5. Select the registration server, and then select the certifier ID.

  6. Select Set ID file to define the location for the new certifier ID being created.

  7. Complete the Organizational field by entering a name for the new Organizational Unit.

  8. Complete the Certifier password field by entering a new password.

  9. Use the Password Quality slider to determine the quality of password security to assign to the ID file. The default location of the slider is to the extreme left, which is No Password and a value of 0. Sliding the bar to the extreme right forces a very strong password and a value of 16. Although a very strong password is optimal for servers, a password will then be required at the console each time the server is loaded, before the server will start.

  10. In the Security Type field, choose North American or International.

  11. In the Mail Certification Requests To field, choose Administrator.

  12. Optionally, enter a location and/or comments.

  13. Click Register to create the new ID file.




This chapter excerpt from Lotus Notes and Domino 6 System Administrator Exam Cram 2, by Karen Fishwick and Tony Aveyard, is printed with permission from Sams Publishing, Copyright 2005.
