To be honest, it's not really four easy steps. It's really three easy steps and one kind of tedious step. But public key mismatches in Lotus Notes and Domino are so important to correct that you'll want to do all four of them anyway, even if the last one is somewhat irksome.
Background on Lotus Notes public keys
Every Lotus Notes user's ID file stores a pair of extremely important security keys: the private key and the public key. These keys are mathematically related to each other and are unique to each user ID.
The public key is stored in your user ID and the Domino Directory. Your private key is a well-kept secret that is only stored in your user ID file. These two security keys have the same mathematical key ancestry, but have slightly different content and functionality. Think of them as fraternal twins rather than identical twins.
The private key and public key are used by Lotus Notes and Domino Server in a variety of security situations, such as authenticating with a server, signing email, or sending and receiving encrypted email. When someone sends you encrypted email, their Lotus Notes client reads your public key from the Notes Address Book (NAB) and uses it to encrypt the message. When you receive the message, your Lotus Notes client uses your private key in the process of decrypting the message.
Occasionally, mostly by accident or through someone not following best practices, the public key in a Lotus Notes ID file becomes different from the one in the Notes Address Book.
If the public key in the address book is not exactly the same as the public key in your ID file, many Lotus Notes processes, such as encrypting email, will cease to function correctly.
But that's not all. Renames and recertifications will fail, as will password checking and public key checking. Requests sent to the AdminP task also break, because the public key of the requestor doesn't match the one in the NAB.
IBM Lotus has published many documents with instructions on how to copy the public key from an ID to a person document in the address book. But how can you be proactive and find all the Notes users that have the mismatched public keys?
This is especially important if you want to implement password or public key checking for the first time. You'd hate to turn on those functions, only to find out that you've accidentally prevented a few hundred users from accessing servers. That would be a very unpleasant day.
How to fix Lotus Notes user IDs with mismatched public keys
Fortunately, the solution is a piece of cake, if you know these four steps:
Unfortunately, I am not aware of any automated way to fix this problem. If you have one and share it with me, I will in turn share it with the extended family of Notes/Domino administrators here on SearchDomino.com and give you the credit. You can write to me at AndyP at Technotics dot com.
About the author: Andy Pedisich is President of Technotics, Inc. He has been working with Lotus Notes and Domino since Release 2. Technotics provides strategic consulting and training on collaborative infrastructure projects for customers throughout the world. You can contact Technotics through their Web site at www.technotics.com.