IBM Domino 9.0 Social Edition Administrator Help

SECURING

ID vault limitations
Be aware of the following current ID vault limitations.

Creation of the cross-certificates that are needed to establish vault trust and password reset authority requires access to a parent certifier ID file of the user IDs to be stored in the vault; you cannot use the CA process when creating these certificates. Additionally, performing certificate authority key rollover on these certifier IDs is not supported.
Note: You can use the CA process when registering users into the vault.
Smartcard-enabled IDs cannot be stored in a vault.
All replicas of a vault must be located within a single Domino domain and all vault users must have home servers in that domain. Note, though, that users under different organizational certifiers can all use one vault, as long as their home servers are within the same Domino domain as the vault.