Thanks for the links. Have read through once already. I am not new to Domino but can't say I understand a lot about certificates etc (other than they authenticate the identity of something).
Could you provide me a "high level" overview of what I need to do? Here is what I understand so far (? marks mean I am guessing):
- I would start up a CA task on the server; this would issue new certificates based upon the server's current certifier (?)
- somehow the registration process would be changed so that when a help desk or admin person started to register someone, instead of having to pick and type in a password for the certifier.id file on the server, it somehow sends a request to the CA task to issue a certificate (?)
- the CA task then sends back a certificate that is merged into the user's new ID file (?)
Other questions: does the CA process need to somehow register or get a certificate itself form some pubic CA or since it uses the servers certifier.id it is trusted as a CA?
Thanks. I will re-read the docs and maybe try to find others but thought a high level overview would help me at this stage.