Lotus Domino Administrator 8 Help - Adding a Notes or Internet cross-certificate on demand

SECURITY

Adding a Notes or Internet cross-certificate on demand
When users access a server or receive a signed message, they can accept a IBM® Lotus® Notes® or Internet cross-certificate from another organization. IBM® Lotus® Domino™ adds the cross-certificate to the user's Personal Address Book. Then the next time the user tries to access the server, the user can authenticate the server with that cross certificate. Similarly, the user can use the cross certificate to verify signed messages from the organization that was cross certified.

Note You cannot add an Internet cross-certificate on demand if a users' Internet certificate already exists in an LDAP directory.

To add a cross-certificate on demand

1. Using a Lotus Notes workstation, attempt to access a server in an organization with which you are not cross-certified or open a signed message whose signature you do not trust.

2. If you attempted to access a server, when Domino displays this message, select Advanced Options:

Your local Domino Directory does not contain a cross-certificate for this organization.

Would you like to suppress this warning in the future by creating a cross-certificate for this organization in your Name and Address Book?

3. To avoid the possibility of cross-certifying an impostor, call someone trustworthy from the named organization and ask the person to tell you the organization's public key. Compare it to the key displayed in the Advanced Options dialog box.

4. Complete these fields:

Field Enter

Certifier File name of a user, server, or certifier ID. Specify a server or certifier ID when creating a cross-certificate for a server. The ID specified indicates who can use the cross-certificate.

Server Location of the Personal Address Book or Domino Directory where you want to copy the cross-certificate. Add the cross-certificate to the Personal Address Book for Notes clients.

Subject name Organization or organizational unit certifier that you want to cross-certify -- for example, /Acme. You can also create a cross-certificate for the owner of the certificate.

Subject alternate name list An alternate name that identifies the subject. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user's native language.

Expiration date Date when the cross-certificate will expire.

5. Click Cross Certify. Domino places the cross-certificate in the Server - Certificates view of the Domino Directory of the server you specified in Step 4 or in the Advanced/Certificates view of the Personal Address Book.

Adding an alternate language and name to a user ID

Using cross-certificates to access servers and send secure S/MIME messages

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Enter
Certifier	File name of a user, server, or certifier ID. Specify a server or certifier ID when creating a cross-certificate for a server. The ID specified indicates who can use the cross-certificate.
Server	Location of the Personal Address Book or Domino Directory where you want to copy the cross-certificate. Add the cross-certificate to the Personal Address Book for Notes clients.
Subject name	Organization or organizational unit certifier that you want to cross-certify -- for example, /Acme. You can also create a cross-certificate for the owner of the certificate.
Subject alternate name list	An alternate name that identifies the subject. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user's native language.
Expiration date	Date when the cross-certificate will expire.