SECURITY


Adding a Notes or Internet cross-certificate on demand
When users access a server or receive a signed message, they can accept an IBM® Lotus® Notes® or Internet cross-certificate from another organization. IBM® Lotus® Domino™ adds the cross-certificate to the user's Personal Address Book. The next time the user tries to access the server, the user can authenticate the server with that cross-certificate. Similarly, the user can use the cross-certificate to verify signed messages from the organization that was cross-certified.

Note: You cannot add an Internet cross-certificate on demand if a user's Internet certificate already exists in an LDAP directory.

To add a cross-certificate on demand

1. Using a Lotus Notes workstation, attempt to access a server in an organization with which you are not cross-certified or open a signed message whose signature you do not trust.

2. If you attempted to access a server, when Domino displays this message, select Advanced Options:

3. To avoid the possibility of cross-certifying an impostor, call someone trustworthy from the named organization and ask the person to tell you the organization's public key. Compare it to the key displayed in the Advanced Options dialog box.

4. Complete these fields:

Field: Enter

Certifier: File name of a user, server, or certifier ID. Specify a server or certifier ID when creating a cross-certificate for a server. The ID specified indicates who can use the cross-certificate.

Server: Location of the Personal Address Book or Domino Directory where you want to copy the cross-certificate. Add the cross-certificate to the Personal Address Book for Notes clients.

Subject name: Organization or organizational unit certifier that you want to cross-certify -- for example, /Acme. You can also create a cross-certificate for the owner of the certificate.

Subject alternate name list: An alternate name that identifies the subject. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user's native language.

Expiration date: Date when the cross-certificate will expire.

5. Click Cross Certify. Domino places the cross-certificate in the Server - Certificates view of the Domino Directory of the server you specified in Step 4 or in the Advanced/Certificates view of the Personal Address Book.
