SECURITY


Publishing third-party CA client certificates in a Person record
IBM® Lotus® Notes® and Internet users who have a client certificate from a third-party certifier may want to have this certificate published in their Person record so that, if a user authenticates with an IBM® Lotus® Domino® server over SSL with that certificate, Lotus Domino will be able to determine the user's Lotus Notes identity. The server can then use the Lotus Notes identity to check server database ACLs to determine the user's access to those databases. If the certificate with which a user authenticates isn't in a Person document, Lotus Domino gives the user anonymous access, even though the user has authenticated using SSL authentication.
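The paragraph above makes a point that is easy to miss in practice: a successful SSL client-certificate authentication is not the same as an identity, and a certificate that matches no Person record is treated as Anonymous when the database ACL is evaluated. The following Python model, added here and not Domino's own code, shows that mapping step and the effect of publishing the certificate. Everything in it is constructed: the Notes names, the byte strings standing in for DER-encoded certificates, the ACL entries, and the simplified rule that an identity with no explicit ACL entry falls back to -Default-.

```python
"""Toy model of SSL client-certificate identity mapping against a directory.

Constructed example, not Domino's own code: a Person record carries the
fingerprints of the third-party client certificates published to it; an
SSL-authenticated certificate that matches no Person record resolves to
"Anonymous", and the database ACL is evaluated against the resolved name.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

ANONYMOUS = "Anonymous"
DEFAULT_ENTRY = "-Default-"
# ACL levels from weakest to strongest, used for the "at least" comparison.
ACCESS_LEVELS = ["No Access", "Depositor", "Reader", "Author",
                 "Editor", "Designer", "Manager"]


@dataclass
class PersonRecord:
    """Directory entry keyed by the user's Notes name (hypothetical shape)."""
    notes_name: str
    cert_fingerprints: Set[str] = field(default_factory=set)


@dataclass
class PublicationRequest:
    """Mirrors the request lifecycle: waiting, then approved or denied."""
    cert_der: bytes
    requester: str
    status: str = "Waiting for Approval"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes; any stable identifier would do."""
    return hashlib.sha256(cert_der).hexdigest()


def approve_request(req: PublicationRequest,
                    directory: Dict[str, PersonRecord]) -> bool:
    """Administrator approval: publish the certificate into the requester's
    Person record. A requester without a Person record cannot be published
    until the administrator has created one, so the request is denied."""
    person = directory.get(req.requester)
    if person is None:
        req.status = "Denied"
        return False
    person.cert_fingerprints.add(fingerprint(req.cert_der))
    req.status = "Approved"
    return True


def resolve_identity(cert_der: bytes,
                     directory: Dict[str, PersonRecord]) -> str:
    """Map an SSL-authenticated certificate to a Notes name, else Anonymous.
    The certificate is assumed to have already passed SSL validation."""
    fp = fingerprint(cert_der)
    for person in directory.values():
        if fp in person.cert_fingerprints:
            return person.notes_name
    return ANONYMOUS


def effective_access(identity: str, acl: Dict[str, str]) -> str:
    """Simplified ACL resolution: explicit entry, otherwise -Default-."""
    if identity in acl:
        return acl[identity]
    return acl.get(DEFAULT_ENTRY, "No Access")


def can_open(cert_der: bytes, directory: Dict[str, PersonRecord],
             acl: Dict[str, str], required: str = "Reader") -> Tuple[str, str, bool]:
    """Return (resolved identity, ACL level, whether `required` is met)."""
    identity = resolve_identity(cert_der, directory)
    level = effective_access(identity, acl)
    allowed = ACCESS_LEVELS.index(level) >= ACCESS_LEVELS.index(required)
    return identity, level, allowed


# Constructed sample data (not real certificates or directory entries).
ALICE = "CN=Alice Example/O=Acme"
CERT_ALICE = b"constructed-DER-bytes-for-alice"
CERT_UNKNOWN = b"constructed-DER-bytes-for-a-cert-nobody-published"
APP_ACL = {ALICE: "Editor", ANONYMOUS: "No Access", DEFAULT_ENTRY: "Reader"}


def demo():
    """Same certificate before and after publication, plus an unpublished one."""
    directory = {ALICE: PersonRecord(ALICE)}
    before = can_open(CERT_ALICE, directory, APP_ACL)      # authenticated, yet Anonymous
    approve_request(PublicationRequest(CERT_ALICE, ALICE), directory)
    after = can_open(CERT_ALICE, directory, APP_ACL)       # now maps to Alice
    unknown = can_open(CERT_UNKNOWN, directory, APP_ACL)   # still Anonymous
    return before, after, unknown


if __name__ == "__main__":
    for label, result in zip(("before", "after", "unknown"), demo()):
        print(label, result)
```

The `before` and `unknown` results are the case the text warns about: the SSL handshake succeeded, but because no Person record carries the certificate, access is decided by the Anonymous entry (or by -Default- when there is none), which is why an ACL that grants -Default- more than No Access deserves a second look on servers that accept client certificates.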

To publish a third-party client certificate in a user's Person record, use the Certificate Publications Request database. Clients submit certificate publication requests to the database, where they are approved by an administrator. After a request is approved, a publication request is created automatically in the Administration Process database. When the request is completed, the third-party client certificate is published in the requester's Person record.

In order to use this database, the server on which it is hosted must:


In order for users to make a publication request, they must be able to authenticate to the Certificate Publications database with the certificate they want to have published.

Note: The user does not have to have a Person document in the Lotus Domino Directory to make a publication request. The administrator can create a Person document once the request has been entered, and it has been decided that the certificate's owner can be trusted.

To create the Certificate Publications Request database

1. From the Lotus Domino Administrator, click File - Application - New.

2. Create a new database using the Lotus Domino Certificate Publications Request template (CERTPUB.NTF).

To publish a third-party CA client certificate in a Person record

1. The client opens the Certificate Publications Request database using a browser, completes the Certificate Registration Request form, and submits it.

2. The administrator approves or denies the publication requests in the Waiting for Approval view.

3. If the request is approved, it is submitted to the Administration Process and the client certificate is published in the requester's Person record.
