Hello guys, maybe this won't change your life... but you never know.
The problem:
I was messing around with some of my test servers / certifiers and discovered that the certifier ID file for one of the test organizations I use was lost, definitely: no copy of it survived, and the only copy I could find in a backup had a password I couldn't remember.
So what? It would not have been a problem since it was a test certifier, but I had some spare time so I decided to look for a solution. Some time ago (> 1 year) I enabled the Domino CA process for that specific certifier so, for sure, Domino had stored the private key/cert ID I was looking to recover.
The process:
I started checking the structure of the ICL database that Domino creates for every certificate that you migrate to the CA process.
Of course I was one of the certificate authorities for that certifier, which allowed me to read all the documents.
You know that all the documents in the ICL db are encrypted and readable only by those who are listed as certificate authorities (this is usually the administrators and, if you want, the Domino server itself).
The solution:
In each ICL database the CA process creates an encrypted IDStorage document that contains:
A copy of the original certifier file
A password field to open it (you see it in the Password field).
As soon as I got this I detached the ID from the document, copied the password using the field browser (in the Domino property dialog) and wow... I got back my certifier.
What to take away
If you lost a certifier ID or can't recover/remember the password
and
you have enabled the CA process for that certifier
and
you are one of the listed certification authorities for that CA certifier
then
you can easily recover a working copy of your certifier ID file
by
detaching the ID file from the IDStorage document in your ICL database and opening it using the password as written in the "password" field of the same document.
I love Domino :) Don't you?
Comments (3)
Daniele Vistalli August 21st, 2008 20:11:03
Oh yes, go for it :)
Domino is always filled with surprises.
Perhaps I can give ID vault a try afterall :-)
Hi Daniele,
this is Marco Incitti. We worked together at Argonet...
I'm happy to have found you again around the web.
Well, I've wondered many times what had become of you, and here you are... I saw your presentations and gathered that you are still tinkering with Domino. I still work in the web sector, and after your teaching I kept studying a bit of programming (oh yes, it was your fault!!!)
To tell the truth, I never thanked you for your patience... well, I'm doing it now.
Greetings to the most brilliant and controversial mind I have ever known.
Marco