SECURITY


Examples of cross-certification
To authenticate with all servers in another organization

This example describes what the Acme company and the ABC company do to allow all users and servers in both organizations to authenticate.

1. The Acme organization certifier (/Acme) obtains a cross-certificate for the ABC organization certifier (/ABC) and stores it in Acme's IBM® Lotus® Domino™ Directory.

2. The ABC organization certifier (/ABC) obtains a cross-certificate for the Acme organization certifier (/Acme) and stores it in ABC's Domino Directory.

To authenticate with a specific server in another organization

The Acme company wants to let Seascape users who have the hierarchical certification AppDevelopment/Seascape access its customer support server, CSSUPPORT/East/Acme.

1. The Acme organizational unit certifier (/East/Acme) has a cross-certificate for the Seascape organizational unit certifier (/AppDevelopment/Seascape) and stores it in Acme's Domino Directory.

2. The Seascape organizational unit certifier (/AppDevelopment/Seascape) has a cross-certificate for the Acme organizational unit certifier (/East/Acme) and stores it in Seascape's Domino Directory.

This cross-certification enables Kelly Jones/AppDevelopment/Seascape and Jonathan Moutal/AppDevelopment/Seascape to authenticate with the server CSSUPPORT/East/Acme. However, it does not allow these users to authenticate with the Acme server Mail-W/West/Acme.
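The scoping in the two authentication examples above can be modelled as an ancestor match on hierarchical names, checked on both sides. This is an added example, not IBM's code or Domino's implementation: it is a simplified model, and the function names and the ABC server name Server1/ABC are hypothetical.

```python
# Simplified model (an assumption, not Domino's implementation) of how the
# cross-certificates in the examples scope authentication between organizations.

def components(name):
    """Split 'CSSUPPORT/East/Acme' or '/East/Acme' into its hierarchy parts."""
    return [part for part in name.split("/") if part]

def is_under(name, certifier):
    """True if name is the certifier itself or sits below it in the hierarchy."""
    n, c = components(name), components(certifier)
    return bool(c) and len(c) <= len(n) and n[len(n) - len(c):] == c

def side_trusts(directory, own_name, other_name):
    """directory holds the (issuer, subject) cross-certificates stored by one side.
    A certificate applies when its issuer is an ancestor of own_name and its
    subject is an ancestor of other_name."""
    return any(is_under(own_name, issuer) and is_under(other_name, subject)
               for issuer, subject in directory)

def can_authenticate(a, dir_a, b, dir_b):
    """Both sides must hold an applicable cross-certificate."""
    return side_trusts(dir_a, a, b) and side_trusts(dir_b, b, a)

# Directory contents constructed from the two examples on this page.
ACME_ORG_DIR = [("/Acme", "/ABC")]
ABC_ORG_DIR = [("/ABC", "/Acme")]
ACME_OU_DIR = [("/East/Acme", "/AppDevelopment/Seascape")]
SEASCAPE_OU_DIR = [("/AppDevelopment/Seascape", "/East/Acme")]

def demo():
    kelly = "Kelly Jones/AppDevelopment/Seascape"
    return {
        # Organization-level certificates cover every name under /Acme and /ABC.
        "org_level": can_authenticate("Mail-W/West/Acme", ACME_ORG_DIR,
                                      "Server1/ABC", ABC_ORG_DIR),
        "kelly_cssupport": can_authenticate(kelly, SEASCAPE_OU_DIR,
                                            "CSSUPPORT/East/Acme", ACME_OU_DIR),
        # /East/Acme is not an ancestor of Mail-W/West/Acme, so this is refused.
        "kelly_mailw": can_authenticate(kelly, SEASCAPE_OU_DIR,
                                        "Mail-W/West/Acme", ACME_OU_DIR),
        # Only Acme stored a certificate: one-sided trust is not enough.
        "one_sided": can_authenticate(kelly, [], "CSSUPPORT/East/Acme", ACME_OU_DIR),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'authenticates' if ok else 'refused'}")
```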

To send signed S/MIME messages

Alan Jones has an Internet certificate issued from the Acme CA, and Dave Lawson has an Internet certificate issued from the ABC CA. If Alan wants to send Dave an encrypted S/MIME message and Dave wants to send Alan an encrypted S/MIME message:

1. Alan has a trusted cross-certificate for ABC and stores it in his Personal Address Book.

2. Dave has a trusted cross-certificate for Acme and stores it in his Personal Address Book.

Both Dave and Alan can now also send encrypted S/MIME messages to each other.
