When setting up the ID Vault, the Vault Trust Certificates and the Password Reset Certificates are set to expire 10 years after creating them. There is no way to change this. These certificates expire without any warning. Once they expire, administrators are no longer able to create new users because they cannot store the ID file in the ID Vault.
Lots of problems here that need fixing.
1. Admins should have the opportunity to set the expiration date of the Vault Trust Certificate.
2. The system should provide a warning in the expiring certificates view of the Domino Directory.
3. The error message reported in the User Registration panel should be more explicit in what the problem is when the ID cannot be stored in the ID Vault.
4. The process of renewing the certificates requires manually deleting them from the Domino Directory and then creating them anew. There is no way to update the certificates. (See this technote: https://www-01.ibm.com/support/docview.wss?uid=ibm10878126)
5. The process of recreating the Vault Trust Certificates and the Password Reset Certificates (and in general managing the ID Vault) should allow it to use the CA process, not require having the organization certifier in hand.
-David Hablewitz