Hello guys, maybe this won't change your life... but you never know.

The problem:

I was messing around with some of my test servers / certifiers and discovered that the certifier ID file for one of the test organizations I use was lost, definitely: no copy of it survived, and the only copy I could find in a backup had a password I couldn't remember.

So what? It would not have been a problem, since it was a test certifier, but I had some spare time so I decided to look for a solution. Some time ago (> 1 year) I enabled the Domino CA process for that specific certifier so, for sure, Domino stored the private key/cert ID I was looking to recover.

The process:

I started by checking the structure of the ICL database that Domino creates for every certificate that you migrate to the CA process.
Of course I was one of the certificate authorities for that certifier; this allowed me to read all the documents.

You know that all the documents in the ICL db are encrypted and readable only by those who are listed as certificate authorities (usually the administrators and, if you want, the Domino server itself).

The solution:

In each ICL database the CA process creates an encrypted IDStorage document that contains:

A copy of the original certifier file
A password field to open it (you see it in the Password field).

As soon as I got this I detached the ID from the document, copied the password using the field browser (in the Domino property dialog) and wow... I got back my certifier.



What to take away

If you lost a certifier ID or can't recover/remember the password

and

you have enabled the CA process for that certifier

and

you are one of the listed certification authorities for that CA certifier

then

you can easily recover a working copy of your certifier ID file

by

detaching the ID file from the IDStorage document in your ICL database and opening it using the password as written in the "password" field of the same document.





I love Domino :) Don't you ?



Comments (3)
Daniele Vistalli August 21st, 2008 20:11:03

 Comments
1) Thanks
Daniele Vistalli 03/27/2009 9:29:08

Oh yes, go for it :)

Domino is always filled with surprises.

2) Thanks
Ninke Westra 03/27/2009 8:22:51

Perhaps I can give ID vault a try after all :-)

3) Greetings
Marco Incitti 11/17/2008 23:08:58

Hi Daniele,

this is Marco Incitti. We worked together at Argonet...

I'm happy to have found you again around the web.

Well, I wondered many times what had become of you, and here you are... I saw your presentations and gathered that you are still tinkering with Domino. I still work in the web sector, and after your teaching I went on to study a bit of programming (oh yes, it was your fault!!!)

To tell the truth, I never thanked you for your patience... well, I'm doing it now.

Greetings to the most brilliant and controversial mind I have ever known.

Marco
