SECURITY


Adding a Notes cross-certificate for IDs by postal service
Organizations that cannot communicate through IBM® Lotus® Notes® mail can use these steps to add a Lotus Notes cross-certificate for user, server, and certifier IDs. For cross-certification to work, these steps must be carried out twice, with each organization alternately requesting cross-certification.

You cannot use this procedure to create an Internet cross-certificate.

To create a safe copy of an ID

Use these steps to create a safe copy of the user, server, or certifier ID that you want to cross-certify.

1. From the IBM® Lotus® Domino™ Administrator, click the Configuration tab.

2. Choose Certification and then choose ID Properties.

3. Select the user, server, or certifier ID file, and then click Open.

4. Type the password (if required). The ID Properties dialog box appears.

5. Click Your Identity - Your Certificates - Other Actions, and then select Export Notes ID (Safe Copy).

6. Enter a path and name for the safe copy, and then click OK. The default name is SAFE.ID.

7. Copy the file to a disk.

8. Use the postal service to send the disk to the certification administrator at the other organization.

To add a cross-certificate for the safe copy

Use these steps to add the cross-certificate to the Domino Directory.

1. From the Domino Administrator, click the Configuration tab.

2. Click Certification, and then click Cross Certify.

3. Select whether to use a CA-enabled certifier or use the certifier ID, and click OK.

4. If you chose to use the certifier ID, enter the password for the ID, and click OK.

5. Select the safe copy of the ID to be cross-certified, and then click OK.

6. Complete one or more of these fields:
FieldEnter
CertifierName of your organization's certifier ID
ServerLocation of the Domino Directory where you want to copy the cross-certificate
Subject nameOrganization or organizational unit certifier to be cross-certified -- for example, /Acme
Subject alternate name listAn alternate name that identifies the certifier ID. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user's native language.
Expiration dateDate when the cross-certificate will expire
7. Click Cross Certify. Domino places the cross-certificate in the Server - Certificates view of the Domino Directory of the server you specified in Step 6.

See also