Setting up a certifier repository for ID files

Newly provisioned ID files must be certified with an appropriate certifier ID before they can connect to the Domino server. Bravura Security Fabric houses these ID files in a certifier repository to use during provisioning. The certifier repository must be configured before a new user can be created.

You can use an existing certifier repository by defining database options in the configuration file that is specified in the target address. Configuration options are defined in Writing a configuration file for Lotus Domino target systems.

Alternatively, you can create a certifier repository with the default settings used by Bravura Security Fabric.

Note

You do not need to do this if you are using the CA process.

To create a certifier repository:

  1. From a Windows workstation, select Programs > Lotus Applications > Lotus Domino Designer.

    The Lotus Domino Designer window displays.

  2. Log into Lotus Domino Designer by typing your login ID and password in the appropriate fields.

  3. Click Create a New Application to open the New Application window.

  4. Select the appropriate server, not the local server.

  5. In the Title field, type a description of the repository.

  6. Type pscert.nsf in the File Name field.

    The default file name is pscert.nsf. If you use a different file name, you must specify it in the target configuration file.

  7. Select Blank from the list box.

  8. Click OK to open the Design-Forms window.

  9. Create a new form:

    1. Click New Form.

    2. In the Name field, type CertifierForm, then close the dialog box.

    3. In the new form, type CertifierName and then a space.

    4. Right-click after the space and select Create Field to open the Field dialog box.

    5. In the Name field, type CertifierName, then close the dialog box.

    6. Click in the new form (after the newly created CertifierName field) to return focus to Design Forms and press Enter to add a new line.

    7. On the new line, type Password and then a space.

    8. Right-click after the space and select Create Field to open the Field dialog box.

    9. In the Name field, type Password, then close the dialog box.

    10. Select File > Save.

  10. Create a new view:

    1. Select Views from the bookmark.

    2. Double-click the untitled view, then right-click the # column, then select View Properties, type CertifierView in the Name field, then close the dialog box.

    3. Right-click the # column, then select Column Properties, type CertifierName in the Title field, then close the dialog box.

    4. Right-click next to CertifierName and select Append New Column.

      The newly created column displays.

    5. Right-click on the new column and select Column Properties to display the Column dialog box.

    6. Type Password in the Title field and then close the dialog box.

    7. Select the CertifierName column.

    8. In the CertifierName (column): Column Value pane, select the Field radio button and click CertifierName.

    9. Select the Password column.

    10. In the Password (column): Column Value pane, select the Field radio button and click Password.

    11. Select File > Save to save the view.

See below for more information about adding a certifier’s ID file to the Bravura Security Fabric Certifier Repository, for integration with a Lotus Notes target system.

Use the addcert program to add a certifier’s ID file to the Bravura Security Fabric Certifier Repository, for integration with a Lotus Notes target system.

Usage

addcert.exe -s <ServerAddress> -i <adminIDfile> -p <password>
             -certid <certifierID> -certp <password> -idfile <path>
             [--instance <instance>]

Table 1. addcert arguments

Argument                          Description
-i <adminIDfile> -p <password>    Identifies the credentials to be used by the connector to log in before starting.
-s <ServerAddress>                Specifies the server address. Use the format: <server>[/<config-file.cfg>]
-certid <certifierID>             Specifies the certifier’s short name.
-certp <password>                 Specifies the current password for the certifier’s ID file.
-idfile <path>                    Specifies a full path to the certifier’s ID file.
--instance <instance>             The name of the Bravura Security Fabric instance on which to run this utility to get log information. If not specified, the program looks for the default instance.


Examples

  • To add a certifier’s ID file by supplying the target system administrator credentials and server address:

    addcert.exe -i c:\admin.id -p haikou02 -s 10.10.77.188 -certid /bravura -certp haikou02 -idfile c:\cert.id
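
The following wrapper is an added example, not part of the product documentation: it builds the same addcert.exe call from the arguments in Table 1 but prompts for both passwords instead of writing them into a script or the command history. The default server name, file paths, and the location of addcert.exe are constructed placeholders, and treating a nonzero exit code as failure is an assumption, since exit codes are not documented here.

```powershell
# Added example. Placeholder values below are constructed, not real systems.
param(
    [string]$AddCert  = '.\addcert.exe',           # assumed location of the utility
    [string]$Server   = 'domino01.example.test',   # format: <server>[/<config-file.cfg>]
    [string]$AdminId  = 'C:\ids\admin.id',         # admin ID file (-i)
    [string]$CertId   = '/bravura',                # certifier short name (-certid)
    [string]$CertFile = 'C:\ids\cert.id',          # certifier ID file (-idfile)
    [string]$Instance                              # optional (--instance)
)

# Convert a SecureString to plain text only at the moment it is needed,
# and zero the unmanaged copy afterwards.
function ConvertTo-PlainText([securestring]$Secure) {
    $ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($ptr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ptr) }
}

# Fail early if any required file is missing.
foreach ($path in $AddCert, $AdminId, $CertFile) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "File not found: $path"
    }
}
# -idfile expects a full path, so reject relative paths.
if (-not [IO.Path]::IsPathRooted($CertFile)) {
    throw "-idfile must be a full path: $CertFile"
}

$adminPw = Read-Host -AsSecureString 'Password for admin ID file'
$certPw  = Read-Host -AsSecureString 'Password for certifier ID file'

$argList = @(
    '-s', $Server, '-i', $AdminId, '-p', (ConvertTo-PlainText $adminPw),
    '-certid', $CertId, '-certp', (ConvertTo-PlainText $certPw),
    '-idfile', $CertFile
)
if ($Instance) { $argList += '--instance', $Instance }

& $AddCert @argList
$code = $LASTEXITCODE
$argList = $null   # drop the plain-text copies held by this script

# Assumption: addcert.exe returns a nonzero exit code on failure.
if ($code -ne 0) { throw "addcert.exe exited with code $code" }
```

Because addcert.exe takes the passwords as arguments, they are still visible in the process command line while the utility runs; the wrapper only keeps them out of saved scripts and shell history.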

Note

Ensure that every certifier added is also copied to the administrator's address book. To do this, launch the Notes client, select File > Open > IBM Notes Application > Server DB > Server’s Directory (names.nsf) > Security > Certificates > Notes Certifiers, select all of the certifiers, and click Copy to Personal Address Book.