SECURING YOUR DATA

Renewing Notes certificates before expiration
Your User ID comes with a IBM® Lotus® Notes® Multi-purpose certificate and a Lotus Notes International certificate. They are valid for a period of time and then need to be renewed before they expire. If a certificate is not renewed by the expiration date, it becomes invalid. If your Lotus Notes Multi-purpose certificate is not renewed by the expiration date, you are able to start Lotus Notes but cannot login to any Lotus Notes server. At this point, you must contact your administrator.

When you renew your certificate, you are just changing the expiration date of the certificate. Your public and private keys stay the same. Because your private key doesn't change, your administrator may renew your certificates without your intervention. If your administrator does not renew certificates automatically, you receive a prompt when your certificates are about to expire.

To find out when your Lotus Notes certificates expire, choose File > Security > User Security (Macintosh OS X users: Notes > Security > User Security), click Security Basics, and refer to the "ID File expiration date" under "Who You Are." To find out when your Internet certificates or Lotus Notes flat certificates expire, in User Security click Your Identity > Your Certificates, choose the types of certificates you want to view from the drop-down list, select a certificate, and refer to the "Expires" date below the certificate.

Note If you are not a Lotus Notes mail user and you are prompted to renew your certificate, you need to renew your certificates using removable media that you can deliver to your administrator.

Click any of these topics:


To renew Notes certificates

When you send someone your certificate, you are actually sending a safe copy of your User ID. A safe copy of your User ID contains enough information for recertifying your User ID, but not enough information so it can be used by a malicious user.

Whenever you renew your certificate, make sure to update any copies of your User ID as well (unless you are a roaming user, whose User ID replicates).

1. Click File > Security > User Security.
Macintosh OS X users: Notes > Security > User Security.

2. Click Security Basics, and then click the Renew button under "Who You Are."

3. Click the Continue button in the "Confirm Renewal" dialog box.

4. Enter the name of your IBM® Lotus® Domino™ administrator(s) in the To: field. If your administrator's name is available, it appears in the To field when you are connected to the network. Click the Address button to locate a name in the Domino Directory or your Contacts.

5. Click Send.

6. The renewal process is complete when your administrator responds to your request. After your administrator has prepared updated certificates for you, you may either receive your new certificates by e-mail (open the e-mail, and choose Actions > Accept Certificate), or your User ID may automatically be updated with the new certificates the next time you login to Lotus Notes. Once you have verified that you have the updated Lotus Notes certificates installed on your User ID, make sure to update any copies of your User ID as well.

Go to top

To renew Notes certificates using removable media or another mail program

When you renew a Lotus Notes certificate using removable media or another mail program, you need to create a safe copy of your User ID to send to your administrator. A safe copy of your User ID contains enough information for recertifying your User ID, but not enough information so it can be used by a malicious user.

Whenever you renew your certificate, make sure to update any copies of your User ID as well.

1. Insert removable media into your disk drive if using removable media to deliver your User ID to your administrator.

2. Click File > Security > User Security.
Macintosh OS X users: Notes > Security > User Security.

3. Click Security Basics, and then click the Renew button under "Who You Are."

4. Click the "Export ID" button in the "Confirm Renewal" dialog box.

5. Change the directory to the floppy disk drive or to a directory that you can access from your other mail program in the "Enter Safe Copy ID File Name" dialog box.

6. Enter a file name for the safe copy of your User ID in the File Name field (Macintosh users: Save As field). The default is SAFE.ID.

7. Click Save, and then close the "Confirm Renewal" dialog box.

8. Deliver the floppy disk to your Domino administrator, or attach the safe User ID to an e-mail and send it through another mail program.

9. When you receive your floppy disk back, you need to import your renewed certificate into your User ID.

Go to top

To request new Notes flat certificates

You can request a new flat certificate at any time by mailing your request to the administrator of a flat certifier. You might need a flat certificate to connect to an old server.

1. Insert removable media into your disk drive.

2. Click File > Security > User Security.
Macintosh OS X users: Notes > Security > User Security.

3. Click Your Identity > Your Certificates.

4. Click Get Certificates > Request New Notes Flat Certificate.

5. Enter the name of the Domino administrator(s) in the To field (click Address to choose from your Contacts). If your administrator's name is available, it appears in the To field when you are connected to the network.

6. Click Send.

7. When your administrator sends you your new certificate, open the e-mail and choose Actions > Accept Certificate.

Note If you are importing a flat certificate or a new User Name into your User ID, you are prompted with the "Merge Certificate Into Your ID File" dialog box. This dialog box asks if you want to trust other certificates signed by the certificate authority (CA) that created the certificate. If you choose to trust the CA, you can access all of the servers that have that certificate or are identified by the CA that issued you the certificate. If you choose to not trust the CA, you cannot get access to these servers.

Go to top

See Also