Anyone who has been operating a Notes/Domino environment for a long time started »back then« with small key lengths (630 bits) in the certifiers as well as in server and user IDs. These keys are now considered insecure and should be replaced as soon as possible. Secure keys have a length of 2048 to 4096 bits.
The »Domino Certificate Authority Key Rollover« process allows an organization to assign new private and public keys to its Domino organization and its organizational units, servers, and users. The process of provisioning new private and public keys is commonly known as »key rollover« and is referred to as such throughout the remainder of this documentation.
The primary objective of this book is to provide you with a practical guide for performing a key rollover in your own Domino environment. In addition, you will find background information about the certifiers as well as server and user IDs that is not available, or is difficult to find, in the official HCL documentation on this topic.
This book is very detailed and includes many screenshots. This should enable even administrators who are less familiar with certificate management to implement a key rollover in their Domino environment without errors.
Hint: All documentation refers exclusively to the use of certifier, server and user ID files. Key rollover when using the Domino CA process is not discussed.