This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Cheryl Lopponekonyakoi
Sep 21, 2015, 7:18 AM
33 Posts
topic has been resolvedResolved

Certifier Key Rollover and ID Vault

  • Category: Administration
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 2

Hello,

I already posted the following in the 8.5 Forums, but it also affects 9.0.1 as far as I can see:

I am testing a certifier key rollover in an environment, where IDs are vaulted.

After rolling over the certifier and before rolling over the user IDs I might have to reset a user password using the ID Vault, but that does not work, because "of course" the certifier and the user certificate no longer match.
Without the user being able to logon I cannot do the rollover of his ID, so I might run into a deadlock here.
Am I missing something?
How is this supposed to work - especially, when the documentations says that rollover and ID Vault work perfectly together?

Thanks for any help.

Manuel

~Fred Umkivitchli
Sep 24, 2015, 3:49 PM
48 Posts
re Certifier Key Rollover and ID Vault
Hi
There are several known issues regarding keyrollover and id vault together not merging changes very well.  You should research the documented SPR's
See
http://www-10.lotus.com/ldd/fixlist.nsf/Public/%5C%5C

Example  :There are some existing Software Problem Defects related to this issue:

SPR# MMFD7HRQWK:  Problems when users with pending key rollovers were vaulted

SPR YDEN9KYL23:  Local Id Is Being Overwritten By The Copy In The Id Vault During Rollover/Recertification Even Though Local Id Is Up.
 
The SPR YDEN9KYL23 is being  fixed in 9.0.1 FP3 releas

SPR # JKAH7P5T2U * ID vault - merging password extras with roll over keys is not working correctly

SPR # MROE7EVTF6 CA Rollover With ID Vault: Rollover Cross Certificates Moves Vault and Password Reset Certs in With Notes Cross Certs

Fix : mCreate new ID Vault and Password Reset Certificates with the rolled over certifier using the Manage Vault Tool.
~Cheryl Lopponekonyakoi
Oct 8, 2015, 6:49 AM
33 Posts
Thank you - Solved

Hello,

Thank you for your input. I will take it into consideration.

We found the misunderstanding:
It is the Vault administrators ID, which needs to be rolled over first. Then you can perform an ID download (no pw reset).

Could have known, but the error message was very unspecific.

/Manuel


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal