HCL Notes and Domino 9.0 Social Edition Forum - The subject's Public Key found in the certificate is not the one stored in your ID file for that entity.

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Share ▼
Subscribe ▼

~Evelyn Fezhipilyings

Mar 5, 2014, 4:14 PM

4 Posts

The subject's Public Key found in the certificate is not the one stored in your ID file for that entity.

Category: Accessibility
Platform: Windows
Release: 9.0
Role: Administrator,Developer
Tags: Access denied
Replies: 5

Hello.

I have a Domino 9 Server running on Windows Server 2013. I develop applications and host a small page I made.

I tried to add a new user, and when I logged in using her ID, got this error message: "The subject's Public Key found in the certificate is not the one stored in your ID file for that entity."

Found in the forums tha maybe if the certifier id was accidentally replaced this could happen. So I went to the server, retrieved the certifier id straight from there, and used that id to register the user.

The user was registered successfully, but when I used the new ID in my notes client, and tried to access the server, got the very same error message again.

Any pointers? I feel quite lost right now, so any help would be greatly appreciated.

Thanks in advance.

~Frank Cisboosily

Mar 6, 2014, 1:35 PM

4 Posts

Response

You should check the Notes certificate chain in the ID file against the server directory you are authenticating to.
Check the whole chain - user certs and certifier certs.
On clien,t goto File->Security->User Security->Your identity->Your Certificates. Then select All Notes Certificates in the list box.
Select each cert and make note of the KeyIdentifier.

Then for each cert found in the ID file, open the server directory - locate and open the person or certifier document and perform action->Certificate->Examine Notes Certificates.
Click on the Issued By name and the details will fill in - note the Key Identifier and see if it matches the KeyIdentifier from the ID file.

~Evelyn Fezhipilyings

Mar 6, 2014, 2:15 PM

4 Posts

What happens if they are the same?

Thanks Robert, I have checked the certificate chains, and the KeyIdentifier fields match. But I still get the same error.

However, I found something is different. I checked the certificate chains for the ID that I normally use, the one that has access, and for the new one, that show the error. The last certificate shown, the one with only the certifier name on it, has a different KeyIdentifier in both IDs.

Maybe the certifier's certificate is the one different. Now the question: How do I make them match?

Any idea on what else should I search for?

Thanks in advance.

~Evelyn Fezhipilyings

Mar 6, 2014, 2:41 PM

4 Posts

Certifier ID overwritten

For what I can see now, the certifier ID file does not have the same KeyIdentifier as the one in the Directory. As I got the ID file from de domino data folder, I guess I have overwritten it at some point.

So I need to get the correct ID file, maybe from a backup. But I guess the best solution would be to get the ID file straight from the directory.

Anyone know how to do this?

Thanks in advance.

~Evelyn Fezhipilyings

Mar 6, 2014, 2:41 PM

4 Posts

Certifier ID overwritten

So I need to get the correct ID file, maybe from a backup. But I guess the best solution would be to get the ID file straight from the directory.

Anyone know how to do this?

Thanks in advance.

~Pippy Renutherlen

Aug 29, 2017, 1:30 AM

4 Posts

same problem here

Hello,

I appear to have the same problem with eduardo. I checked the public key for affected user all same except the KI. All affected user has different KI from what server KI have. Anyone know how to resolve this issue?

Share ▼
Subscribe ▼