When Compare Public Keys on the Server Document under Security Tab -> Security Setting in the Field: "Compare public keys:" was enabled and customer did a cross certification, and error: "Your public key was not found in the Domino Directory" is being encountered.
As per Escalation Engineering Team, this is working as designed.
The source server sends its certificate chain to the destination server to be authenticated.
-And then the authentication server sends back its certificate chain for authentication.
-Since the source server has "check public key enabled" it will check the Domino directory for a match public key of the destination server.
- Here the public was not found and hence the error message "Your public key was not found in the Domino Directory"
-Outside of that setting "Compare public keys"- authentication uses cross certificates between two domains to establish trust .
-The two - check public key and cross certificates - are separate parts of the authentication process.
And resolution was to keep this option DISABLED.
However, customer refused to Disable this because they are worried the server might be vulnerable to hackers.
Need to enhance functionality of this option and allow cross certified servers to log in on both domains even if this option is enabled.
"Enforce key checking for Notes users and Domino servers listed in trusted directories only" is the setting you want to use in your case.
This is working as designed with no plans to change.
Both parties need to have the public key's of the other side in their certificate list/in the domino directory for this message to disappear.