Notes/Domino Fix List
SPR # PPET6E2LVE - Fixed in 7.0.2 release - Security fix



Product Area: Client
Technical Area: Server
Platform: Cross Platform

Lotus Customer Support APAR: LO09055

SPR# PPET6E2LVE - Error "Server Error: Your certificate has not yet been signed by the Certificate Authority. Please try again later." was encountered by users who are registered by an RA on a server other than the admin server and replication of the names.nsf does not precede admin4.

Technote Number: 1158559

Problem:
In both cases, the registration process using the server-based CA process has
not completed. When the CA Process is used to register users, their person
document will initially contain an incomplete certificate. The above errors
will continue to occur until the entire process has completed.
The certificate in the person document will be signed and updated only after
the CA task on the Certificate Authority server has run and the AdminP task has
run on the Administration server.
When a user is registered using the CA Process a Certificate Request document
is created in the Administration Requests database (admin4.nsf) with a status
of "Approved by Registration Authority". This document can be seen in the
"Certification Authority Requests\Certificate Requests" view of the
admin4.nsf. If the CA task is running and the certifier is active, it should
see the Certification Request and process it. If the certifier is not active
it may need to be activated or unlocked. Please see the Lotus Domino
Administration Help for more information on activating and unlocking certifiers.
Once the request has been processed by the CA task, it will now have a status
of "Issued by Certification Authority" and an Admin Request will be created
with the Action: "Recertify Person in Domino Directory". The AdminP task on
the Administration server will process this request and update the person
document with the signed certificate. Note that the new requests will have to
be replicated to the Administration server. The user will now be able to
access the servers once the updates to the person document have been replicated.

An enhancement request to allow a retry cycle for failed AdminP requests has
been submitted to Quality Engineering as SPR #PPET6E2LVE.

Additional information:

Users will not be able to authenticate until the administration process has
processed this request. After registering users, the Administrator should issue
the command "tell adminp process all" to push the request through if access is
required more quickly.

Considerations:
The Administration server for the Domino Directory should be the same server
that the users are being registered on. If this is not the case, the
Administration Process Request will have to replicate to that server from the
Registration Server and the interval will have to pass (this will happen within an
hour) before the person document is updated.
The updated person document will then still have to replicate to the users' home
mail server before they can authenticate.



Last Modified on 12/10/2013
