Periodically, certificates associated with a server ID expire. When this occurs, the ID needs to be recertified. To recertify a server ID, the administrator must have either Author access to the Domino directory and the ServerModifier role assigned or Editor access to the directory. In addition, the administrator must have Author access or greater to the certification log. The following steps allow a server ID to be recertified:
- Using the Administrator client, select the Configuration tab and select the Server document for the server to be recertified.
- Open the Certification tab under the Tools pane and select Certify; the Choose a Certifier dialog box appears.
- Click the Server button to select the Registration server and click OK.
- In the Registration Server dialog box, choose an option to determine how you will register the server. The options include
- Supply Certifier ID and Password: If you choose this option, a file navigation box appears. This option is used if a certifier ID is used to authorize access to the domain. Navigate to the required certifier id and select OK.
- Use the CA Process: This option allows the administrator to recertify the ID without having access to the certifier ID or the certifier password, by using a Certificate Authority (CA), instead. If you choose this option, use the drop-down box it provides to select a CA-configured certifier from the ones available on the server.
- Supply Certifier ID and Password: If you choose this option, a file navigation box appears. This option is used if a certifier ID is used to authorize access to the domain. Navigate to the required certifier id and select OK.
- After you've selected one of the two options, click OK. If Supply Certifier ID and Password is chosen, a dialog box appears requiring the certifier password. Enter the password and click OK to continue.
- A file navigation box appears prompting for the ID to be certified. Select the server's ID file and click OK; the Certify ID dialog box appears.
- In the Expiration Date field, choose a setting to determine when the server will need to be recertified. The default time is two years, but can be changed as needed.
- In the Subject Name List field, type a common name for the ID if desired (this field is optional). This is used to identify the user in the Directory.
- In the Password Quality field, use the slide bar to determine the quality of password security to assign to the ID file. The default location of the slider is to the extreme left, which is No Password and a value of 0. Sliding the bar to the extreme right forces a very strong password and a value of 16. Although it is true that this is optimal for servers, each time the server is loaded, a password will be required at the console before the server will start.
- Select Certify to continue and recertify the ID; a dialog box appears asking if the administrator wants to certify another ID.
- Select Yes to certify more IDs or No to exit the certification process.
No comments:
Post a Comment