The client I work for is implementing PKI/X.509 certificate authentication (using third-party DoD certificates), and we are using the certpub.nsf database to collect and register certificates for Web users. I'm trying to automate the button in the certpub.nsf that "accepts" and adds the user cert to the user's person doc in the Names and Address Book (NAB/Directory) via AdminP. There is an @Formula that only works from the Notes Client:
@AdminCreateRequest([AddCertificate]; CurrentServer : AdminFileName; "*"; @V3UserName);
I would like to either figure out a way in Script to duplicate the formula or figure out what the AdminP process does to add the cert to the person doc in the NAB. I need to know what fields it sets and what fields/data are populated in the NAB. I also need to know how to format the cert itself. The data in the certificate field contains a string. Once AdminP processes the request and adds the cert to the NAB, is it converted to hex or some other format?
I'm at a loss in finding any kind of documentation on this subject.
I looked into something like this a while ago. I believe that this is a very hard programming problem that you outline. I am not saying it is impossible, but it is tricky. The only specific suggestion I have is that there may be a couple existing 3rd party products that do what you want (or almost what you want). Buying one of these might be easier than re-inventing the wheel. Here's one that may help you.