One of the many challenges Lotus Notes Domino administrators face is the increased workload that results from having a distributed setup of their IT organization. This is especially true if they are working on multiple domains. When exchanging information across more than one domain, security is a particular concern. This reader-submitted tip explains how to safely and securely connect Lotus Domino servers that are located on different domains through a process called cross-certification.
In the case of Domino servers being located in different domains, administrators can cross-certify the servers to communicate, connect, and exchange information with each other. Cross-certifying allows Lotus Notes users in one domain access to data in another domain -- while simultaneously maintaining security at its highest levels.
Here are the steps you should follow to carry out the cross-certification process:
- Create a "safe copy" of an existing user ID file and open your Lotus Notes client.
- From the File menu, locate the User Security option. The location of this menu option will vary, depending on your installed version of Lotus Notes.
- Select the Your Certificates tab and also the Export Notes ID (Safe Copy) tab from the Other Actions dropdown list. When prompted, click Save to create the SAFE.ID file. This will create a safe copy of the ID file for a Lotus Notes user in the first domain.
- Transfer the created file to the destination Lotus Domino server (i.e. the Domino server located in second domain).
- Copy the file to diskette, shared directory folder, CD-ROM, or otherwise, transfer the file to the Lotus Domino server.
- Launch the Domino Administrator client.
- Select the File -> Open Server menu options to connect to the Domino server.
- From the main navigation window, select the Configuration tab.
- Now click Certification and Cross-Certify from the right-most side. If the options are not displayed, click on the Tools button to expand the list configuration options.
- From the Choose a Certifier dialog window, choose the Certifier ID button and select the CERT.ID file associated with the Lotus Domino server. This is a special ID file that was automatically created when the Domino server was installed. A copy of the file will probably be stored on the Domino server. Select the file and click OK to continue.
- When prompted, specify the password associated with the server CERT.ID file and click OK again. You must know this password to continue with the process.
- You will now be prompted to select the safe copy of the ID file. This will enable all Lotus Notes users in the first domain to access the Lotus Domino server in the second domain. Click OK after the SAFE.ID file has been selected.
- Click the Cross Certify button to generate the cross-certificate for the destination Domino Server Directory. Note that the first time you connect to the destination Domino server you will be prompted to create a digital certification for the destination server. This is a one-time event so just click on the "Yes" button when that message is displayed.
Do you have comments on this tip? Let us know.
This tip was submitted to the SearchDomino.com tip library by member Jim Mck. Please let others know how useful it is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our monthly tip contest and you could win a prize.
Related resources from SearchDomino.com:
- Expert Advice: Cannot connect to new domain
- Protect Lotus Notes from malicious code with the Domino ECL
- Lotus Notes Domino Access, Permissions and Authentication Reference Center