Note Many of the manual tasks associated with managing a CA prior to Domino 6 are now automated when you use the CA process.
Domino certificate authority administrator tasks
The Domino certificate authority administrator (CAA) is responsible for these tasks:
As a best practice, designate at least two CAAs for each certifier. You then have a backup if one leaves the organization.
Note By default, the administrator who creates a certifier is automatically designated as both a CAA and an RA for that certifier. When you create additional CAAs, they must be assigned the RA role in order to register users.
Domino Registration Authority administrator tasks
A registration authority (RA) administrator registers Notes users and Domino servers, approves or denies Internet certificate requests, and, if necessary, revokes Internet certificates. While a CA administrator can also be a registration authority, the main advantage of having a separate RA role is to offload these tasks from the Domino and/or CA administrator. Moreover, the Domino administrator can establish one or more RAs for each certifier enabled for the CA process.
An RA should approve only those requests that will be accepted by the certifier. The CA Configuration document, stored in the CA's ICL database, describes what is acceptable.
Domino administrators who register Notes users should also be listed as RAs for the Notes certifier.
If you are using the Web Administrator client, you need to set up a server-based certification authority to register Notes users. The Web administrator, as well as the server on which the Web Administrator database resides, must be listed as an RA for that certifier.
The Domino Registration Authority (RA) administrator is responsible for these tasks:
See also