Cross Certification on R5 and Public Key Issue

Author: Tripp W Black

Created: 08/03/2000 at 03:51 AM

 

Category:
Domino Server Issues Troubleshooting
Cross-Certification

Original Issue:

    Ok, so I have a ServerA in Domain DOM1 and ServerB in DOM2. Both administrators have sent a safe copy of their CERT.ID to allow cross-certification at the organizational level. The DOM1 address book has a cross-certificate O=DOM1:O=DOM2/C=DE; DOM2 has O=DOM2/C=DE:O=DOM1. Yet TRACE at either server gives an error 'Public Key not found in address book'. What is missing?

Solution:

    In the Server document, check whether the field "Compare Notes public keys against those stored in Directory" on the Security tab is set to Yes. If it is, change it to No. This way the replication will work.

    If you want to keep this field set to Yes, you need to create a Server document for the other server (if you cross-certified the whole domain) or a Person document (if you cross-certified just an individual user) and paste the public key into this document.


Specific Instructions for Pasting the Key:

    To paste the public key into a Personal Address Book

    1. In your Personal Address Book, create a Contact document for the owner of the public key.

    2. Click the Advanced tab, and then use the clipboard viewer to open the file or mail message that contains the public key.

    3. Copy the public key from the clipboard and paste it into the "Certified public key" field of the Contact document.

    4. Save the document.

    To paste the public key into a Domino Directory

    1. From the Domino Administrator, do one of the following:

        1. Click the People & Groups tab and edit the Person document.
        2. Click the Configuration tab and edit the Server document.

    2. Click the Public Keys tab in the Person document, or the Administration tab in the Server document.

    3. Use the clipboard viewer to open the file or mail message that contains the public key.

    4. Copy the public key from the clipboard and paste it into one of the following fields:

        • Certified public key field (Domino hierarchical certificates)
        • (Person documents only) Flat name key (non-hierarchical Domino certificates)
      Note: You cannot paste Internet certificates into the Person or Server documents.

    5. Save the Person or Server document.


Security Note:

Setting the compare public keys field to "Yes" ensures that if I, as an imposter, set up a domain with the same domain name as the legitimate one and then send an ID for cross-certification, the server checks that the ID is legit and that the public keys are identical. Click on the text for each field for more information.
