Lotus Notes Server Error Your Certificate Has Expired
Contents |
Error: Your one or more certificates in your notes id have expired. contact your domino administrator certificate has expired" certificate expired registration policy id
Lotus Notes Certificate Expiration Notification
Technote (troubleshooting) Problem You register a new user account in your IBM one or more certificates in your notes id are expiring Lotus Domino system, and when that user attempts to utilize their id file, the following messages appears: "Server Error: Your certificate
Lotus Notes Certification
has expired" Diagnosing the problem You can check the certificate expiration date for the user at the following location: (Domino Administrator Client) Configuration tab -> Certificates -> Certificate Expiration view. Resolving the problem This error can be caused by a Domino registration policy. On the ID/Certifier tab, of the registration settings document: Inspect the "Certificate Expiration Date" field. Does it contain a static date value which has already passed? Changing the static date to in the future, or using the "Months from User Creation" option will correct this expiration problem. After you have made this change to the registration policy, delete and re-register the user. Document information More support for: Lotus End of Support Products Lotus Domino Software version: 6.0, 6.5, 7.0 Operating system(s): AIX, IBM i, Linux, Solaris, Windows, z/OS Reference #: 1267272 Modified date: 17 November 2008 Site availability Site assistance Contact and feedback Need support? Submit feedback to IBM Support 1-800-IBM-7378 (USA) Directory of worldwide contacts Contact Privacy Terms of use Accessibility
server Server error - your certificate has expired; certificate; server error; expired; Server; Security; User ID/Passwords; 1094456; 1234004; backup copy is not available Technote (FAQ) Question The administrator's ID file has been allowed to expire, and there are no other ID files which can be used to access the server. Attempts to access the server using an expired administrator ID results in the following error: "Server error - your certificate has expired" There are no other administrative IDs that can be used to access the server. What http://www-01.ibm.com/support/docview.wss?uid=swg21267272 are your options? Answer Perform the following workaround to certify the expired ID: 1. Open the Domino Administrator client. (The server should be set to "local".) 2. Select the Configuration tab. 3. Select Tools -> Certification -> Certify. 4. Select the certifier ID and enter the password. Set the server to Local. Note: The following error may appear: "The public key that is being http://www-01.ibm.com/support/docview.wss?uid=swg21218490 used does not match the one that was certified." This occurs because the client cannot connect to the Notes certifier document in the address book on the server. To continue past this error, select "Yes" when prompted with the following: "Do you wish to continue without updating the Certifier ID?" 5. Select the Notes/Admin ID to certify. Note: You will see an error: "Entry not found in index, Do you want to certify anyway?" Click Yes. 6. Ensure that the server is still set to "local" (at the top of the dialog), set the expiration date, and then click Certify. 7. At this point you should have access to the server, as long as public key checking is not enabled on the server. If public key checking is enabled on the server, you must complete step 8 before you can access the server. 8. Copy the public key from the ID into the Person document (Certificates tab -> Notes certified public key field.) File -> Security -> User Security (this opens the user ID) Select Your Identity -> Your Certificates Click the "Other actions" button and choose Mail, Copy Certif
Administrators password, but cannot use the Administration client (or any Notes client) with the Administrators ID file, because the Administrators ID file certificates have expired. It's a pretty simple thing to fix. EITHER: Use your http://www.matnewman.com/webs/personal/matblog.nsf/dx/domadmincertexpired.htm?opendocument&comments server's Notes client to recertify the Administrator. OR Get hold of an ID file for a user who hasn't expired, Add that user to the 'LocalDomainAdmins' group, Access the Domino Directory on the server http://onemanitshop.blogspot.com/2009/10/lotus-notes-expired-id-file.html and recertify the Admin ID, Remove the user from the 'LocalDomainAdmins' group, Done. The details: Using a server. Go to the physical domino server, Browse to the Domino program folder, Locate nlnotes.exe, Run it. lotus notes Yes I KNOW this is not a 'supported configuration' but hey, it Domino - #ThisS***JustWorks. You now have a notes client, which you can use to access the names.nsf locally (the Domino Directory), Go to 'People', Choose (highlight) the Administrator, Choose (from the menu) ACTIONS -> Recertify Selected People, Choose the Administrators organization certifier, Enter the certifier password. Choose a date a long time from now (you one or more WANT your Admin ID file to expire every two years???), Done. The Long way - elevate another user. If you know the Administrators password, there is a fair chance you can still access the Domino Web Administrator using that password: Log-in to the Webadmin using: http://yourserver.com/webadmin.nsf and the Administrators Username and Password, Go to 'People and Groups', Edit the 'LocalDomainAdmins' group to include the users name who's ID file has not expired, On the Domino Console, 'load updall -r names.nsf', then 'dbcache flush', Start the users Notes client, Open the Domino Directory (names.nsf) on the server, Choose People from the navigator, Highlight the Administrator, Choose (from the menu) ACTIONS -> Recertify Selected People, Choose the Administrators organization certifier, Enter the certifier password. Choose a date a long time from now (you WANT your Admin ID file to expire every two years???), Using any method you want (you've got a recertified Admin now), remove the user from the 'LocalDomainAdmins' group, Done. Hope this helps someone, this has happened a few times in the last couple of months when we pick up a new (old) Notes customer who hasn't needed to use the Admin ID in a while. Domino Administrators ID file certificates ha
is the default, can be changed manually).When the expiration date get close Domino is kind enough to notify the user and there is your problem...Typically there are 3 groups of users:Some users will actually read the message that ask them to forward it to an administrator (a one click action). Most of them will call you and ask why they received the message. The problem is with the other group, those who ignore it. This group cause problems since they will show up one morning (as one of my dearest users did this morning) and will be locked out of Notes with this error on screen Server Error: Your certificate has expiredWhen you have such a user you have to use the Administrator console using this procedure: How to manually recertify an expired ID. Now don't get me wrong. It is not that complicated and I'm not complaining but it does involve an extra step: Physically access the users client to import the new recertified ID file. While in a small shop it is not that bad, in a larger environment it is a huge pain. How to avoid it? Educate your users, explain about this certification and hope they'll remember next time and hope they leave before the renewal date because most chances are they will not remember. Posted by One Man IT Shop at 10:24 AM Reactions: Labels: Domino Server, ID File, Lotus Notes, System Administrator No comments: Post a Comment Newer Post Older Post Home Subscribe to: Post Comments (Atom) About Me One Man IT Shop This blog is about daily stuff I have to deal with running my shop View my complete profile Search This Blog Loading... Blog Archive ▼ 2009 (58) ► November (3) ▼ October (13) ApplicationXtender and Active Directory Cisco security Phones get static and drop calls Lotus Notes Expired ID file HP Printers backorder - closer BGP router down Lotus Notes send on behalf of DR when it matters Yahoo! Mail screen resolution Cisco IOS 15.0 - released Just Traceroute Group Policy Preferences in Windows 2008 Free version of GFI WebMonito for ISA Server ► September (14) ► August (19) ► July (9) My Blog List Cisco IOS hints and tricks Do Enterprises Need VRFs? 1 day ago GigaOM Gothamist Extra, Extra: BuzzFeed CEO Has Some Stories About Ivanka Trump He'd Like To Share With The Class 9 hours ago IPHONETOUCH.BLORGE iPhone 8 Latest Leaks - What We Know About It? 2 weeks ago Lifehacker The Flying Freedom Desktop 7 hours ago MakeUseOf.com Hello Again: Apple Will Reveal New Macs on October 27 9 hours ago Tech-Recipes Blogs Aggregator Final Post/Blog is moving 3 years ago TechCrunch Tapping into photo history, the £449