Set up secret key encryption infrastructure

The Java agents use the idipwsync.nsf database to store documents that are required for further password processing. You must encrypt the documents to protect them in this database.


Procedure

  1. Generate a secret key:

    1. From the Lotus Domino Administrator, select File > Security > User Security.
    2. Select Notes Data > Documents from the left navigation panel.
    3. Click New Secret Key.
    4. Enter IDIPWSync as secret key name and click OK.
    5. Click Other Actions and select Export Secret Key.
    6. Enter a password to protect the exported secret key. Note: This step is optional.
    7. Save the key in a file named idipwsync.key.
    8. Click Close.

  2. Import the secret key in the Domino Server ID file:

    1. Stop the Domino Server.
    2. In Lotus Domino Administrator, select File > Security > Switch ID.
    3. Open the server.id file for the Domino Server. You must either use a Lotus Domino Administrator that is installed on the Domino Server system, or copy the server.id file to the system where the Lotus Domino Administrator is installed. The server.id file is saved in the domino_data_directory directory.
    4. Select File > Security > User Security.
    5. Select Notes Data > Documents from the left navigation panel.
    6. Click Other Actions and select Import Secret Key.
    7. Open the idipwsync.key file.
    8. If the file is protected by a password, enter the password that was created when you exported the secret key. For more information about the password, see substep 6 of Step 1.
    9. Click Accept to import the secret key.
    10. Click Close.
    11. Select File > Security > Switch ID and switch back to the administrator ID file.
    12. If you edited a copy of the server.id file, copy it over the original server.id file in the domino_data_directory directory. Back up the original server.id before the file is overwritten with the new one.
    13. Start the Domino Server.

  3. Import the secret key into the ID files of all the administrators or users who are to edit the Person documents and change the HTTP passwords. For each of these administrators or users, do the following steps:

    1. From the Lotus Domino Administrator, select File > Security > Switch ID.
    2. Open the ID file of the administrator or user.
    3. Select File > Security > User Security.
    4. Select Notes Data > Documents from the left navigation panel.
    5. Click Other Actions and select Import Secret Key.
    6. Open the idipwsync.key file.
    7. If the file is protected by a password, enter the password that was created when you exported the secret key. See Step 1 for information about how to generate a secret key.
    8. Click Accept to import the secret key.
    9. Click Close. Note: Administrator and user ID files must not contain the secret encryption key to change the HTTP Password field of Person documents.


What to do next

Set up port encryption

