SECURITY


Adding a Notes cross-certificate by phone
Two organizations can add an IBM® Lotus® Notes® cross-certificate to user, server, and certifier IDs by providing the name and public key of the IDs to be cross-certified over the phone. For cross-certification to work, these steps must be carried out twice, with each organization alternately requesting cross-certification.

You cannot use this procedure to create an Internet cross-certificate.

To request a cross-certificate for a user, server, or certifier ID

Use these steps to add a cross-certificate for a user or server or for an organization or organizational unit when you have access to the user, server, or certifier ID.

1. From the IBM® Lotus® Domino™ Administrator, click the Configuration tab.

2. Click Certification - ID Properties.

3. Select the user, server, or certifier ID file, and click Open.

4. Type the password (if required).

5. Click Security Basics. Write down the name exactly as it appears in the Name field, including any forward slashes (/) -- for example, Alan Jones/Sales/East/Acme, Mail-E/East/Acme, or /Acme.

6. Click Your Identity - Your Certificates. Write down the Key Identifier information exactly as it appears, including spaces.

7. Call the organization that will add the cross-certificate, and provide the name and key exactly as you recorded them.

To request a cross-certificate for an ancestral certifier of an ID

Use these steps to add a cross-certificate for an organization or organizational unit when you have access to the user or server ID.

1. From the IBM® Lotus® Domino™ Administrator, click the Configuration tab.

2. Click Certification - ID Properties.

3. Select the user, server, or certifier ID file, and click Open.

4. Type the password (if required).

5. Click Your Identity - Your Certificates and in the Certificates list, select the certificate for the certifier you want to cross-certify. Click Advanced Details.

6. Look at the "Certificate Issued To" field to verify that you selected the correct certificate. Write down the name exactly as it appears, including any forward slashes (/) -- for example, /Acme.

7. Look at the "Issuer Key Identifier" field and write down the public key exactly as it appears, including spaces.

8. Call the organization that will add the cross-certificate, and provide the name and public key exactly as you recorded them.

To add a cross-certificate to a Domino Directory or Personal Address Book

After someone from another organization provides the name and public key over the phone, use these steps to add a cross-certificate for the ID.

1. From the Domino Administrator, click the Configuration tab.

2. Choose Certification, and then choose Cross Certify Key.

3. Select whether to use a CA-enabled certifier or use the Certifier ID, and click OK.

4. If you chose to use the certifier ID, enter the password for the ID, and click OK.

5. In the "Subject name" field, type the full hierarchical name for the ID you are cross-certifying exactly as provided over the phone, including any forward slashes (/).

6. Type the public key for the ID you are cross-certifying exactly as it was provided over the phone, including spaces.

7. (Optional) Change the expiration date for the certificate. The default is 10 years.

8. (Optional) Click Certifier to select a different certifier to issue the cross-certificate.

9. (Optional) Click Server and select a different registration server whose Domino Directory will store the cross-certificate. To store the cross-certificate in a user's Personal Address Book, choose Local as the server. Then click OK.

10. Click Cross Certify. Domino places the cross-certificate in the Server - Certificates view of the Domino Directory of the selected registration server.
