SECURITY


Adding cross-certificates to the Domino Directory or Personal Address Book
You can use several methods to obtain an IBM® Lotus® Notes® or Internet cross-certificate.

Accessing a server

If a user attempts to access a server in a different organization, and the user does not already have a cross-certificate issued to that server or one of its ancestors, a dialog box gives the user the option to add the cross-certificate "on demand." Users can add a Lotus Notes cross-certificate this way. This is usually the quickest and easiest way for a user to obtain a cross-certificate.

Receiving a signed mail message

If a user receives a signed mail message from a user in a different organization and the recipient does not already have a cross-certificate issued to that server or one of its ancestors, the "on demand" cross-certificate dialog box appears. Users can add both Lotus Notes and Internet cross-certificates this way.
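The condition shared by "Accessing a server" and "Receiving a signed mail message" (no cross-certificate issued to the name or one of its ancestors) can be modeled as follows. This is an added example, not Lotus Notes code. The function names and the Acme names are constructed for illustration, and the model looks only at whom a cross-certificate was issued to, not at who issued it.

```python
# Added illustration: a simplified model of the "issued to that name or one
# of its ancestors" test. Not Lotus Notes code; all names are constructed.

def parse_name(name):
    """Split a hierarchical name into lower-cased components, most specific
    first. Accepts abbreviated (Mail1/East/Acme) and canonical
    (CN=Mail1/OU=East/O=Acme) forms; certifier names may start with '/'."""
    parts = []
    for comp in name.strip().strip("/").split("/"):
        comp = comp.strip()
        if "=" in comp:                  # drop the CN= / OU= / O= / C= label
            comp = comp.split("=", 1)[1].strip()
        if comp:
            parts.append(comp.lower())
    return tuple(parts)

def name_and_ancestors(name):
    """Return the name itself followed by each ancestor certifier name."""
    parts = parse_name(name)
    return [parts[i:] for i in range(len(parts))]

def covering_cross_certificate(target, cross_cert_subjects):
    """Return the held cross-certificate subject that covers `target`
    (the name itself or its nearest ancestor), or None if there is none."""
    held = {parse_name(s): s for s in cross_cert_subjects}
    for candidate in name_and_ancestors(target):
        # Whole components are compared, so "/Acme" never covers ".../BigAcme".
        if candidate in held:
            return held[candidate]
    return None

def prompts_on_demand(target, cross_cert_subjects):
    """True when no cross-certificate covers the name, which is the case in
    which the page says the "on demand" dialog box appears."""
    return covering_cross_certificate(target, cross_cert_subjects) is None

if __name__ == "__main__":
    held = ["/Acme", "/West/Globex"]     # constructed cross-certificate subjects
    for name in ("CN=Mail1/OU=East/O=Acme", "Hub1/East/Globex", "Mail1/BigAcme"):
        print(name, "->", covering_cross_certificate(name, held) or "prompt")
```

A cross-certificate issued to an organization-level name covers every name beneath it, so the level at which it is issued determines how many servers and users are trusted without a further prompt.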

Adding a cross-certificate from the Domino Directory

Users can retrieve Internet certificates and Lotus Notes and Internet cross-certificates from the IBM® Lotus® Domino® Directory on their home/mail server, and add them to their Personal Address Books. Domino administrators can use any method to add the Internet certificates and Lotus Notes and Internet cross-certificates to the Domino Directory; however, the cross-certificates must be issued by a common ancestor before Lotus Notes copies the cross-certificates to the user's Personal Address Book.

By Notes mail or postal service

Users can add a cross-certificate by sending a safe copy of the certificate through Lotus Notes mail or the postal service. Users can use this method to add a Lotus Notes cross-certificate only.

From an Internet server

Users can obtain an Internet cross-certificate through the User Security panel (File - Security - User Security). Users choose Identity of Others - People, Services, and then click "Retrieve Internet Service Certificate." A dialog box allows the user to specify an Internet server from which to obtain a certificate to cross-certify. This method can be the quickest way to obtain an Internet cross-certificate.

By phone

Users can add a cross-certificate by providing the name and public key of the certificate by phone. Users can use this method to add a Lotus Notes certificate only.

In the Person document

Users can cross-certify a certificate stored in a Person document in the Domino Directory using Actions - Create Cross Certificate. Users can add both Internet and Lotus Notes cross-certificates this way.

From a trusted root certificate

Users can create an Internet cross-certificate from a trusted root certificate if a trusted root certificate is available in the Personal Address Book or Domino Directory. Lotus Notes and Domino provide many default trusted root certificates for third-party CAs in the Personal Address Book and Domino Directory. To indicate trust for these CAs, create a cross-certificate using the trusted root. You can also add a trusted root certificate for other CAs that are not included by default and create cross-certificates for them.
