SECURITY
Note Many of the manual tasks associated with managing a CA prior to Domino 6 are now automated when you use the CA process.
Domino certificate authority administrator tasks
The Domino certificate authority administrator (CAA) is responsible for these tasks:
As a best practice, designate at least two CAAs for each certifier. You then have a backup if one leaves the organization.
Note By default, the administrator who creates a certifier is automatically designated as both a CAA and an RA for that certifier. When you create additional CAAs, they must be assigned the RA role in order to approve or deny a certificate request.
Domino Registration Authority administrator tasks
A registration authority (RA) administrator approves or denies Notes or Internet certificate requests, and, if necessary, revokes Internet certificates. While a CA administrator can also be a registration authority, the main advantage of having a separate RA role is to offload these tasks from the Domino and/or CA administrator. Moreover, the Domino administrator can establish one or more RAs for each certifier enabled for the CA process.
An RA should approve only those requests that will be accepted by the certifier. The CA Configuration and Certificate Profile documents, stored in the CA's ICL database, describes what is acceptable. A current valid copy of the document is also stored with the certifier document as an attachment.
Domino administrators who register Notes users should also be listed as RAs for the Notes certifier, to minimize the steps that are needed to have a certificate issued by the certifier.
If you are using the Web Administrator client, you need to set up a server-based certification authority to register Notes users. The Web administrator, as well as the server on which the Web Administrator database resides, must be listed as an RA for that certifier.
The Domino Registration Authority (RA) administrator is responsible for these tasks:
See also