Thursday, September 19, 2013

Setting up authentications on your Lotus Domino server

For Domino organizations to exchange data, they must share a common certificate. This is accomplished by using an organization certifier ID file. Cross-certifying a user or server ID with an organizational certifier guarantees that both IDs have a common certificate. Domino uses two types of certifier IDs related to organizations:
  • Organization certifier ID: The default name for this ID file is CERT.ID. This ID file is created when the server is deployed. This ID typically includes the company name and is the highest point on the hierarchy tree.
  • Organization unit certifier IDs: This level of organizational certifier is typically used to delineate the next level on the hierarchy tree, usually identifying county or department names.

Creating a new organization certifier ID

To create a new organization certifier ID, follow these steps:
  1. Using the Administrator client, select the Configuration tab and open the Tools pane. Select Registration, and then click Organization from the menu; the Register Organization Certifier dialog box appears.
  2. Enter the organization name and choose a country code (the latter is optional).
  3. In the Certifier Password field, enter a new password that will be required when certifying IDs for the new organization.
  4. Use the Password Quality slider to determine the quality of password security to assign to the ID file. The slider defaults to the extreme left, which is no password and a value of 0. Sliding the bar to the extreme right forces a very strong password and a value of 16. Although this is optimal for servers, a password will then be required at the console each time the server is loaded, before the server will start.
  5. In the Security Type field, choose North American or International.
  6. In the Mail Certification Requests To field, choose Administrator.
  7. Optionally, add a location and comments.
  8. Click Register to create the new certifier ID.

Creating a new organizational unit ID

To create a new Organizational Unit ID, complete these steps:
  1. Using the Administrator client, select the Configuration tab and select the Server document for the server to be recertified.
  2. Open the Certification menu selection under the Tools pane and select Organization Unit; the Register Organization Certifier dialog box appears.
  3. Click the Server button to select the Registration server and click OK. You are then presented with two options:
    • Supply Certifier ID and Password: A file navigation box appears when this option is selected. Navigate to the required certifier ID and select OK. If you choose this option, go to step 4.
    • Use the CA Process: This option allows the administrator to recertify the ID without having access to the certifier ID or the certifier password. A drop-down box is provided to allow the administrator to select a CA-configured certifier from the ones available on the server.
  4. If you chose Supply Certifier ID And Password in step 3, a dialog box appears requiring the certifier password. Enter the password and select OK; the Register Organizational Unit Certifier dialog box appears.
  5. Select the registration server, and then select the certifier ID.
  6. Select Set ID file to define the location for the new certifier ID being created.
  7. Complete the Organizational field by entering a name for the new Organizational Unit.
  8. Complete the Certifier password field by entering a new password.
  9. Use the Password Quality slider to determine the quality of password security to assign to the ID file. The slider defaults to the extreme left, which is No Password and a value of 0. Sliding the bar to the extreme right forces a very strong password and a value of 16. Although this is optimal for servers, a password will then be required at the console each time the server is loaded, before the server will start.
  10. In the Security Type field, choose North American or International.
  11. In the Mail Certification Requests To field, choose Administrator.
  12. Optionally, enter a location and/or comments.
  13. Click Register to create the new ID file.
