You can also push Internet certifiers to clients and enable users to create cross-certificates themselves.

There are two ways to push certificates to clients' Contacts: through customization of the Lotus Notes client installation media or through security policy settings. The security policy settings approach provides more flexiblity because it allows you to more easily add, remove, or update certificates in clients' Contacts after installation. For example, when you use security policy settings, if a certificate expires and you replace it with a new one in the Domino Directory, you can cross-certify the new certificate and add the cross-certificate to the policy to automatically push it to clients. Or, if you revoke trust of a certificate by deleting its cross-certificate from the Domino Directory, the cross-certificate is automatically deleted from clients' Contacts.

Perform the following steps to push trusted certificates to clients:

1. If you want to push trust of an Internet certifier, first import the certifer into the Domino Directory.

2. Create cross-certificates in the Domino Directory for any Internet and Notes certifiers that you want clients to trust.

3. Use one of the following methods to push certificates to clients' Contacts:

• Customize the Lotus Notes client install kit. For more information, see "Customizing an install kit to set certifier and trust defaults."
• Configure security policy settings. For more information, see "Pushing trusted certificates to clients through security policy settings."

Importing an Internet certifier into the Domino Directory
Creating an Internet cross-certificate in the Domino Directory from a certifier document
Creating a cross-certificate from a Notes certifier
Customizing an install kit to set certifier and trust defaults
Pushing certificates to clients through security policy settings

Glossary