Taken from Admin help – the best place to go for Admin help (not joking the Domino admin help is very good)
To recertify a user ID
Follow these steps to use the Administration Process to recertify a hierarchical ID that is about to expire.
1. To recertify a user ID, you must have:
Author with Create documents access and the UserModifier role, or Editor access to the IBM® Lotus® Domino® Directory
At least Author with Create documents access to the Certification Log (CERTLOG.NSF)
2. From the Domino Administrator, click the People & Groups tab.
3. Select the user to be recertified with the same certifier.
4. From the tools pane, select People – Recertify.
5. Complete these fields:
Server Do one of these:
If you are using the Lotus Domino server-based CA, choose the server that is used to access the Domino Directory to look up the list of certifiers.
If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors. This is also the server on which CERTLOG.NSF is updated.
Use the CA process Choose this option if you have configured the Lotus Domino server-based CA.
Select a CA configured certifier from the list and click OK.
Supply certifier ID and password Choose this option if you are using a certifier ID and password.
Choose the certifier ID that certified the user’s ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
Click “Certifier ID” to select an ID other than the one displayed.
Enter the password for the certifier ID and click OK.
6. Verify the certifying ID information and complete the following fields:
New certificate expiration date (Optional) Specify a certifier ID expiration date other than the default two years from the current date.
Only renew certificates that will expire before (Optional) Enter a date to recertify only a subset of selected user IDs, according to their current expiration dates.
Edit or inspect each entry before submitting request (Optional) Select the option to edit or inspect each entry before submitting the request if you want to view each certificate before it is renewed.
7. If you selected the option to view each entry prior to its being submitted, the Recertify Person dialog box appears with non-modifiable information in the primary and common name fields. Review the information that displays, then select one of the following:
OK – to submit the name change.
Skip – if you are recertifying more than one user ID and you want to continue to the next without submitting a recertification for the current name.
Cancel Remaining Entries – to cancel this recertification, as well as those for any other names you selected and have not yet submitted.
8. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. Click OK. If any fail, check the Certifier Log (certlog.nsf) to determine the reason for the failure.