Securely connect Lotus Domino servers on different domains

One of the many challenges Lotus Notes Domino administrators face is the increased workload that results from having a distributed setup of their IT organization. This is especially true if they are working on multiple domains. When exchanging information across more than one domain, security is a particular concern. This reader-submitted tip explains how to safely and securely connect Lotus Domino servers that are located on different domains through a process called cross-certification.

In the case of Domino servers being located in different domains, administrators can cross-certify the servers to communicate, connect, and exchange information with each other. Cross-certifying allows Lotus Notes users in one domain access to data in another domain -- while simultaneously maintaining security at its highest levels.

Here are the steps you should follow to carry out the cross-certification process:

1. Create a "safe copy" of an existing user ID file and open your Lotus Notes client.

2. From the File menu, locate the User Security option. The location of this menu option will vary, depending on your installed version of Lotus Notes.
3. Select the Your Certificates tab and also the Export Notes ID (Safe Copy) tab from the Other Actions dropdown list. When prompted, click Save to create the SAFE.ID file. This will create a safe copy of the ID file for a Lotus Notes user in the first domain.
4. Transfer the created file to the destination Lotus Domino server (i.e. the Domino server located in second domain).
5. Copy the file to diskette, shared directory folder, CD-ROM, or otherwise, transfer the file to the Lotus Domino server.
6. Launch the Domino Administrator client.

7. Select the File -> Open Server menu options to connect to the Domino server.

8. From the main navigation window, select the Configuration tab.

9. Now click Certification and Cross-Certify from the right-most side. If the options are not displayed, click on the Tools button to expand the list configuration options.
10. From the Choose a Certifier dialog window, choose the Certifier ID button and select the CERT.ID file associated with the Lotus Domino server. This is a special ID file that was automatically created when the Domino server was installed. A copy of the file will probably be stored on the Domino server. Select the file and click OK to continue.
11. When prompted, specify the password associated with the server CERT.ID file and click OK again. You must know this password to continue with the process.
12. You will now be prompted to select the safe copy of the ID file. This will enable all Lotus Notes users in the first domain to access the Lotus Domino server in the second domain. Click OK after the SAFE.ID file has been selected.
13. Click the ...
    
    To continue reading for free, register below or login

    Requires Membership to View

    To gain access to this and all member only content, please provide the following information:

    Email Address:
    
    
    

    By joining SearchDomino.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
    
    TechTarget cares about your privacy. Read our Privacy Policy
    To read more you must become a member of SearchDomino.com

    As an existing member of the TechTarget network please activate your SearchDomino.com account 

    By joining SearchDomino.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
    
    TechTarget cares about your privacy. Read our Privacy Policy
    
    
    

    Digg This!     StumbleUpon     Del.icio.us

    
    
    
    

    RELATED CONTENT Server How to move Notes databases off Domino 8 servers and save disk space Move a Lotus Domino server to a new certifier without a reinstall Track and record Lotus Notes user logins to Domino Server Use SMTP outbound authentication to relay hosts in Lotus Notes Domino 8 Log off idle Lotus Notes users for better Domino Server performance Copy Lotus Notes databases from the Domino Server console command line How to perform an in-place upgrade of Lotus Domino server hardware Daylight Saving Time 2007 -- seven helpful tips for Lotus Notes administrators FileZilla How and why to change replica IDs during a Lotus Notes Domino upgrade Lotus Notes Domino Access, Permissions and Authentication Display Lotus Notes user group membership details in a tree view How DirLint verifies data in Lotus Notes Domino 8 directories Fix and update Lotus Notes documents with limited access Lotus Notes access error: 'database is not opened yet' Formula language button manages Deny Access list searches Update the ACL from the Roles view with LotusScript Secure Lotus Notes 8 with the Internet password lockout feature Find a Lotus Notes user within NAB Deny Access groups Move a Lotus Domino server to a new certifier without a reinstall Troubleshoot Lotus Notes Out of Office (OOO) agent error messages Spam and Security Protect Lotus Notes from malicious code with the Domino ECL How to correct Lotus Notes public key mismatches in four easy steps A recipe for secure IM success Telecommuter security kit Spear phishing: Don't be a target FAQ: Lotus Notes Domino password issues Security awareness training: How to educate employees about spyware Seven tips to strengthen your Domino e-mail security Admin2005 preview: Tips, techniques, and a look at Notes/Domino Rel. 7 Notes/Domino Security, An Administrator's Guide: book review

    RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

    
    
    Cross Certify button to generate the cross-certificate for the destination Domino Server Directory. Note that the first time you connect to the destination Domino server you will be prompted to create a digital certification for the destination server. This is a one-time event so just click on the "Yes" button when that message is displayed.

Do you have comments on this tip? Let us know.

This tip was submitted to the SearchDomino.com tip library by member Jim Mck. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.

Rate this Tip To rate tips, you must be a member of SearchDomino.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.