SECURITY


Internet certificates for SSL and S/MIME
Before Internet and IBM® Lotus® Notes® clients can use client authentication or send signed mail, they must have an Internet certificate. To send encrypted mail using S/MIME, they must have the recipient's Internet certificate. You need to complete these steps for Internet and Lotus Notes clients who are creating new public and private keys for the Internet certificate. You do not need to complete these steps if you are using a Lotus Notes client and the CA issued certificates in the Person document of the IBM® Lotus® Domino® Directory. Lotus Notes automatically adds Internet certificates stored in the Person document to the Lotus Notes ID file when the user authenticates with the server.

You can also set up Lotus Notes clients to use different certificates for signing and encryption. You designate one Internet certificate for authentication and signing, and another for encryption.

To obtain an Internet certificate for a Notes client

The procedure that Lotus Notes clients follow to request an Internet certificate is the same whether a Lotus Domino CA or a third-party CA is issuing the certificates.

1. Have users request an Internet certificate.

2. The CA approves the request by signing the certificate, and Lotus Domino automatically adds the client's Internet certificate to the user's Person document.

3. Have users merge the Internet certificate into their ID file.

For information on how Lotus Notes users request and merge Internet certificates into their ID files, see Lotus Notes Help.

You can also issue Internet certificates for Lotus Notes clients in Person documents so that users aren't required to submit Internet certificate requests.

To obtain an Internet certificate for an Internet client

The procedure you follow to request an Internet certificate depends on whether you want to request a certificate from a Lotus Domino CA or a third-party CA.

Domino CA

1. If you are using a Lotus Domino server-based certification authority, browse to the Certificate Request application. If you are using a Lotus Domino 5 certificate authority, browse to the Lotus Domino Certificate Authority application.


2. Click "Request Client Certificate" in the left pane.

3. Enter your name and organizational information. This information will appear on your Internet certificate.

4. Enter any additional contact information that you want to send to the CA.

5. Enter the size for the public and private keys. The larger the number, the stronger the encryption.

6. Click "Submit Certificate Request" to send the request to the CA.

Third-party CA

The third-party CA determines how you request an Internet certificate. Browse to the third-party CA's site, and enter the certificate request. A dialog box appears that allows you to request the certificate.
