This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Rex Opfreelyoopsi
Oct 22, 2015, 8:22 PM
18 Posts

Creating ID Vault, Domino CA, keyring etc

  • Category: Configuring
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 3

Hi all,

I am trying to wrap my head around installing a Domino Certificate Authority for the purposes of off-loading user registration to a help desk person without having to give them passwords for the server ID file.

So someone pointed me towards installing a CA process on the server.  Most of it makes sense (although I could use a "high level" overview as I am only a very part time Domino admin).  I also know that this company would like to implement the ID vault.  Also, one of the admins there also just made changes to the mail server so that it uses TLS and that required him to create a .kyr file for the server using OpenSSL.

Could someone tell me if a) this recent .kyr file addition will have any effect (or use) for setting up the CA process?  Also, if they want to use the ID Vault, should this be set up after the CA process or are they really just independent of each other?

Any other advice when setting this up would also be appreciated.  Oh, and if anyone knows of either a Youtube tutorial or good online tutorial or even a really good Domino admin book, those might help (I find I start to get a little lost jumping around the help files).

Thanks.

~Hank Lopvelutergon
Oct 26, 2015, 12:03 PM
100 Posts
I feel your pain

Also a part time admin who's done some of this. In our case, we were just setting up an https server and self-certifying. It was convoluted (to a non-admin) but we eventually figured it out until the TLS thing happened then the re-learning curve was high.

So, based on personal experience only;

  • The admin help and targeted searches for information can get you everything you need.
  • If you have a test environment, you can muck about without killing anything so if this is something you want/need to learn, play until you get it right, then do it in production.
  • If this is low risk (i.e. it's OK to screw up your production environment), then play until you get it right.
  • If you don't have a test environment and/or this is important and/or screw ups are not allowed, pay for a consultant; the cost of getting it right is FAR less than getting it wrong and screwing up your server.

Doug

~Hank Lopvelutergon
Oct 26, 2015, 12:03 PM
100 Posts
I feel your pain

Also a part time admin who's done some of this. In our case, we were just setting up an https server and self-certifying. It was convoluted (to a non-admin) but we eventually figured it out until the TLS thing happened then the re-learning curve was high.

So, based on personal experience only;

  • The admin help and targeted searches for information can get you everything you need.
  • If you have a test environment, you can muck about without killing anything so if this is something you want/need to learn, play until you get it right, then do it in production.
  • If this is low risk (i.e. it's OK to screw up your production environment), then play until you get it right.
  • If you don't have a test environment and/or this is important and/or screw ups are not allowed, pay for a consultant; the cost of getting it right is FAR less than getting it wrong and screwing up your server.

Doug


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal