Internet certificates for SSL and S/MIME
Before Internet and IBM® Lotus® Notes® clients can use client authentication or send signed mail, they must have an Internet certificate. To send encrypted mail using S/MIME, they must have the recipient's Internet certificate. You need to complete these steps for Internet and Lotus Notes clients who are creating new public and private keys for the Internet certificate. You do not need to complete these steps if you are using a Lotus Notes client and the CA issued certificates in the Person document of the IBM® Lotus® Domino™ Directory. Lotus Notes automatically adds Internet certificates stored in the Person document to the Lotus Notes ID file when the user authenticates with the server.

You can also set up Lotus Notes clients to use different certificates for signing and encryption. You designate one Internet certificate for authentication and signing, and another for encryption.

For more information, see the topic Dual Internet certificates for S/MIME encryption and signatures.

To obtain an Internet certificate for a Notes client

The procedure that Lotus Notes clients follow to request an Internet certificate is the same whether a Lotus Domino CA or a third-party CA is issuing the certificates.

1. Have users request an Internet certificate.

2. The CA approves the request, and Lotus Domino automatically adds the client's Internet certificate to the user's Person document.

3. Have users merge the Internet certificate into their ID file.

For information on how Lotus Notes users request and merge Internet certificates into their ID files, see Requesting Internet certificates if you have installed Lotus Notes 8 Help. Or, go to www.lotus.com/ldd/doc to download or view Lotus Notes 8 Help.

You can also issue Internet certificates for Lotus Notes clients without requiring them to submit an Internet certificate request. See the topic Issuing Internet certificates in a Person document.

To obtain an Internet certificate for an Internet client

The procedure you follow to request an Internet certificate depends on whether you want to request a certificate from a Lotus Domino CA or a third-party CA.

Domino CA

1. If you are using a Lotus Domino server-based certification authority, browse to the Certificate Request application. If you are using a Lotus Domino 5 certificate authority, browse to the Lotus Domino Certificate Authority application.


2. Click "Request Client Certificate" in the left pane.

3. Enter your name and organizational information. This information will appear on your Internet certificate.

4. Enter any additional contact information that you want to send to the CA.

5. Enter the size for the public and private keys. The larger the number, the stronger the encryption.

6. Click "Submit Certificate Request" to send the request to the CA.

Third-party CA

The third-party CA determines how you request an Internet certificate. Browse to the third-party CA's site, and enter the certificate request. A dialog box appears that allows you to request the certificate.
