March 8th, 2006

A Word about your Domino 7 test system and R5 clients

Posted at 10:36:32 AM in  Domino Administration | Add/Read Comments (4) | Permanent Link: A Word about your Domino 7 test system and R5 clients

So you've gotten some hardware, and are putting up your Domino 7 test domain to begin testing for your organization.  You know how to build a new domain - you've done it plenty of times.  But wait - there's something you need to know about setting up Domino 7 as a NEW system.  Keep in mind - this is only for new domains, not for upgraded servers - I will repeat this again before I'm through.  

So what happens is that the first server gets created as a 'pure' Domino 7 server, meaning it gets its server ID created with the new 1024 bit width key.  This is fine if you only plan to use Notes 6 or 7 clients, but R5 clients hate it.   The R5 clients get a pop-up with this text:  The signature on the certificate was found to be  invalid,Check the log file for details,Do you want to access the server anyway?  You click yes, and it ignores you.


So how do you deal with this?  

There are two solutions

  • Simply create the second server in your test domain.  When you register a server, you have the option of selecting the key width, and the default is 630 bits, which is loved by all client versions.  Use your second server for R5 testing, and the first one for  Notes 6 testing.  
  • If you haven't created your new domain yet, or can afford to toss the one you have, just load your server code, and before you begin the setup, edit the INI file (that little 4-line INI file sitting there) and add this line:   Setup_First_Server_Public_Key_Width=630.    Your first server, as well as all others after that will be created with the smaller key.

You'll find this documented in the Release Notes.  It hasn't made it to a Technote - mainly because I haven't written one.  (Note to self- put this on your To Do list).  I always recommend reading Release Notes, because sometimes things make it in there faster than we can get technotes written and out to you.  

This  won't happen if you upgrade a server from R5 or Domino 6.  The existing server key isn't touched during the upgrade, so all is well in your production domain.  (See, I told you I'd mention it again)

Anybody (besides me) run into this yet?  Just wondering.