If a password reset authority is in an organization different from the organization assigned to your vault, you may need to take additional steps in order for the password reset authority to be able to reset passwords successfully. If not already created, you will need to create cross-certificates so that both organizations can establish trust with each other.
Cross-certificates can be pushed to Notes clients. See the article "Pushing trusted certificates to Lotus Notes clients" from the IBM Lotus Notes and Domino Information Center.
For example, your company has a Domino domain with two organizations, "Acme" and "Star." You have created a vault called "AcmeVault" for the organization Acme. You would like to add a user "Admin User/Star" as a password reset authority for the organization Acme.
Using the vault manage tool in the Administrator client, you add the user Admin User/Star as a password reset authority for the organization Acme, thus creating a password reset certificate for Admin User/Star for the organization Acme. Through this password reset certificate, Acme trusts Admin User/Star to reset passwords. However, Admin User/Star may still not be able to reset passwords and you may receive a "Missing or invalid Password Reset/Vault Trust Certificate" error. The password reset authority's organization, Star, needs to be able to establish trust with Acme as well, and you will need to create a cross-certificate issued by Star to Acme.
1. Using the Notes Administrator client, create a cross certificate from Star to Acme.
Select the "Configuration" tab, expand "Tools" -> "Certification" and click "Cross Certify."
2. Copy the certificate issued by Star to Acme created in Step 1 to the password reset authority's local Personal Address Book.
One way to do this is to open the server's directory from the password reset authority's computer, then select the cross certificate and click on the "Copy to Personal Address Book" button. (See picture below.)
3. Check that a copy of Acme's Notes certifier certificate exists on the server in the "Certificates" view under "Notes Certifier". If it does not exist, you will need to make a copy of the certificate and store it on the server.
Afterwards, "Admin User/Star" will be able to successfully reset passwords for users in the organization "Acme."