SECURITY


Creating Internet certificates for Notes S/MIME clients
The procedure you complete to create Internet certificates is the same, whether you use IBM® Lotus® Domino® or a third-party CA to issue the certificates.

To set up Notes clients with certificates for S/MIME

The CA and client complete these steps to add a Lotus Domino Internet certificate to the IBM® Lotus® Notes® ID file. A Lotus Notes client can use one Internet certificate or use dual Internet certificates for S/MIME encryption and signatures.

1. Before issuing certificates, the CA must determine if Internet certificates should be created using the existing public and private keys from the Lotus Notes ID file or if the CA wants to issue certificates based on new keys generated from a browser certificate request. If clients use a browser that supports PKCS #12, clients can also import an existing Internet certificate into the Lotus Notes ID file. Depending on the environment, the administrator may choose to use a combination of these options for different users.

2. The CA adds a trusted root certificate to a Domino Directory that the client can access.


3. The client creates a cross-certificate using the trusted root certificate for the CA and stores it in Contacts.

4. To create a certificate using the existing public and private keys in the Lotus Notes ID file, do the following:

5. To use new public and private keys to create an Internet certificate, do the following: For information about how Lotus Notes clients merge Internet certificates into their ID files, see Lotus Notes Help.

Related topics