

Creating a new Notes public key and adding it to the Domino Directory

The process for creating a new HCL Notes® public key differs, depending on which version of HCL Domino® you use.

About this task

Use the key rollover process for creating new public keys through a security settings policy document. Users can also trigger key rollover through the User Security dialog box.

Parent topic: Public key security

To create a new Notes public key

About this task

The ID owner performs these steps.

Procedure

1. Choose File -> Security -> User Security.

2. Type the password (if required).

3. Click Your Identity -> Your Certificates.

4. Click Other Actions -> Create New Public Keys.

5. In the Create New Public Keys dialog box, users can choose the new key strength and the method for requesting the certificate.

6. If the user chooses Authentication Protocol, then the next time the user authenticates with their home server, the keys are created and the certificate request is automatically entered into the server's Administration Requests database.

What to do next

At this point, the administrator needs to complete the certification process as described in User and server key rollover.

1. If the user chooses Mail Protocol, then the keys are created immediately, and the New Public Keys Confirmation dialog box appears.

2. In the New Public Keys Confirmation dialog box, click Continue to use Notes mail to send your request for adopting new public keys.


3. In the Mail New Public Key Request dialog box, address the request to one of the following:

4. Click Send.

To recertify the ID with a Notes certificate and add the Notes public key to the Domino Directory

About this task

The certification administrator performs these steps.

Procedure

1. Open the certification request in your mail file.

2. Choose Actions -> Certify Attached ID File.

3. Select whether to use a server-based certification authority or the certifier ID, and click OK.

4. If you chose to use the certifier ID, enter the password for the ID, and click OK.

5. Optional: Change the expiration date for the certificate.

6. Optional: Click Add to specify alternate user name information.

7. Optional: Specify a minimum password length.

8. Click Certify. The ID owner's name appears in the To field and explanatory text appears in the Subject field of the Mail Certified ID dialog box.

9. Click Send.

To merge the new Notes certificate with the ID

About this task

The ID owner performs these steps.

Procedure

1. Choose File -> Security -> User Security.

2. Click Your Identity -> Your Certificates.

3. Click Get Certificates, and then click Import (Merge) Notes Certificates.

4. Select the recertified ID sent to you by the certification administrator, and then click OK.

To verify a Notes public key

About this task

Verifying Notes public keys against those in the HCL Domino Directory helps prevent an unauthorized user or server from accessing another server.

Procedure

1. From the Domino Administrator, click Configuration and open the Server document for the server.

2. Click Security.

3. In the Security Settings section, select one of the following in the Compare public keys field:

4. Select one of the following in the Log public key mismatches field:

5. Save the document.

6. Restart the server so that the changes take effect.

Related concepts
Public key security

Related tasks
User and server key rollover