ID File management is one of the most important processes that you will
undertake as an administrator...
More to come, I'm just testing this out at the moment :-)^
The Certificate is like a skeleton key for your organisation
- lose it, and you have to start again.
The Certificate has to be managed in such a manner that
it can neither be lost, or compromised. We have copies on two floppies
(and now CD's) with the password written on them in an sealed envelope
in the company safe. The day to day use is done by the Notes Administrator,
who has her own copy. In other organisations, we have controlled the use
of the certifier by having
with the rights to use it, but who didn't know the password, and didn't
have the actual certifier
who had the actual certifier, but didn't have the rights to use it, and
didn't know the password
someone who knew the password, but didn't have the rights to use it, or
the actual certifier
Needless to say, this was a nightmare, but it did motivate
us to do our certification in batches.