SECURITY
A certificate contains:
Public keys are not secret. Any user may look up another user's public key and use it to send encrypted mail to, or to authenticate, that user. It is important that someone looking up a public key learn it reliably, since Domino uses it for identification. Users must be able to obtain the public key of the certifier that issued the certificate before they can authenticate the certificate's owner. If a user has a certificate issued by the same certifier as another user or server, the first user can verify the public key for the certificate and then reliably know the public key associated with the server or user name. If a user doesn't have a certificate issued by the same certifier, the user needs a cross-certificate for authentication.
When you register users and servers, Domino automatically creates a Lotus Notes certificate for each user and server ID. In addition, you can use a Domino or third-party certificate authority (CA) to create Internet certificates for user IDs. Domino uses the X.509 certificate format to create Internet certificates.
Lotus Notes certificates have expiration dates. Therefore, you must recertify Lotus Notes IDs when their expiration dates approach. In addition, if a user or server name changes, you must recertify the corresponding Lotus Notes ID so that a new certificate will bind the public key to the new name.
Changing the name on a user ID may also affect Internet certificates. For example, a user who has changed the name on a user ID may receive warning messages when sending signed S/MIME mail. The messages warn that recipients may see a signature under a name that isn't on the original certificate used for signing.
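The certifier and cross-certificate lookup and the recertify-after-rename rule described above can be modeled in a few lines. This is an added example, not Domino code and not the Notes certificate format: it uses textbook RSA over small constructed keys, and every name in it (`Cert`, `issue`, `lookup_public_key`, `/Acme`, `/Other`) is hypothetical.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Textbook RSA from two primes; returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    name: str        # subject name the key is bound to
    public_key: int  # subject's public key (an opaque integer here)
    issuer: str      # name of the certifier that signed this binding
    signature: int

def _digest(name, public_key, n):
    h = hashlib.sha256(f"{name}|{public_key}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(issuer, issuer_key, name, public_key):
    n, d = issuer_key
    return Cert(name, public_key, issuer, pow(_digest(name, public_key, n), d, n))

def _valid(cert, issuer_n):
    return pow(cert.signature, E, issuer_n) == _digest(cert.name, cert.public_key, issuer_n)

def lookup_public_key(cert, trusted, cross_certs=()):
    """Return the subject's key only if the certificate chains to a certifier key we hold."""
    if cert.issuer not in trusted:
        # No common certifier: accept the issuer's key only via a valid cross-certificate.
        for cc in cross_certs:
            if cc.name == cert.issuer and cc.issuer in trusted and _valid(cc, trusted[cc.issuer]):
                trusted = {**trusted, cc.name: cc.public_key}
                break
        else:
            raise LookupError(f"cross-certificate needed for {cert.issuer}")
    if not _valid(cert, trusted[cert.issuer]):
        raise ValueError(f"certificate does not bind this key to {cert.name}")
    return cert.public_key

# Constructed sample data; the Mersenne primes are far too small for real use.
ACME = make_key(2**31 - 1, 2**61 - 1)
OTHER = make_key(2**19 - 1, 2**89 - 1)
ALICE_TRUSTS = {"/Acme": ACME[0]}                  # Alice holds her own certifier's key
bob = issue("/Acme", ACME, "Bob Smith/Acme", 0xB0B)
server = issue("/Other", OTHER, "Mail01/Other", 0x5E12)
cross = issue("/Acme", ACME, "/Other", OTHER[0])   # /Acme vouches for /Other's certifier key
renamed = replace(bob, name="Bob Jones/Acme")      # name changed without recertifying
```

Bob's key verifies directly because Alice and Bob share a certifier. The server's key is rejected until `cross` is supplied, and `renamed` fails verification because the old signature covers the old name.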