SECURING


User and server key rollover

Key rollover is the process used to update the set of Notes® public and private keys that is stored in user and server ID files. Periodically, this set of keys may need to be replaced -- as a precaution against undetected compromise of the private key; as a remedy to recover from a known compromise of the private key; or to increase security by updating to a larger key.

About this task

You configure triggers to initiate user key rollover through a security settings policy document, and for the server key rollover, in the Server document. Triggers include:


Administrators can use key rollover to deploy replacement keys to groups of users through a Security settings policy document.

Notes users can also trigger key rollover by using the Create New Public Keys button on the User Security dialog box. If they choose Authentication protocol to as the certificate request method, the current keys are rolled over just as if it were triggered by a policy setting. If they choose Mail Protocol, the Domino® 6 and earlier mail method is used. For more information on how users can trigger key rollover, see the related links.

When a policy has been established, or if the user has triggered key rollover through the User Security dialog box, the next time the user authenticates with the home server, key rollover information is written to the ID file. When a trigger condition occurs and a user accepts the prompt to allow key rollover, key rollover is initiated and new keys are created in the user ID file and marked pending. When the user authenticates with the home server after the new/pending keys are generated, a Certify New Key Request is created in the Administration Requests database.

To complete the key rollover process:

Procedure

1. In the Domino Administrator, open the Administration Requests database.

2. In the Certify New Key Requests view, select the request for the user, and then click Certify Selected Entries.

3. In the Choose a Certifier dialog box, do one of the following:


4. In the Certificate Expiration Date dialog box, verify that the date is correct and click OK.

5. In the Processing Statistics dialog box, verify that there are no failures and click OK.

Results

When the user next authenticates with the home server, a dialog box appears, asking the new user if they want to accept the new public keys. The user must click OK to accept the new certificates. The new/pending keys in the user's ID file are activated and the old keys are archived.

Note: The archived keys remain in the ID file so they are available to decrypt documents that were encrypted with that key.

To configure server key rollover

Procedure

1. In the Server document, click Administration.

2. Complete the following fields:


3. Close and save the document. Key rollover information is written to the server ID file. When a trigger condition occurs, key rollover is initiated and new keys are created in the server ID file and marked pending.

4. Restart the server.

5. In the Domino Administrator, open the Administration Requests database.

6. In the Certify New Key Requests view, select the request for the server, and then click Certify Selected Entries.

7. In the Choose a Certifier dialog box, do one of the following:

8. In the Certificate Expiration Date dialog box, verify that the date is correct and click OK.

9. In the Processing Statistics dialog box, verify that there are no failures and click OK.

10. At the server console, type tell adminp process all to complete the key certification processing.

11. Type restart server.

Results

Restarting the server causes the server to read its configuration and accept the new certified keys.

Related tasks
Creating a security policy settings document
Creating a new Notes public key and adding it to the Domino Directory