SECURITY


Setting up a Person document for an Internet user using SSL client authentication
In the Domino Directory on your IBM® Lotus® Domino™ server, set up a Person document for each Internet client that connects to a Lotus Domino server using SSL client authentication. The Person document stores the user's Internet certificate, which is used to verify the user's identity, and lists the names that a Lotus Domino server can use to authenticate the Internet user. When an Internet user tries to connect to a server, Lotus Domino looks for the name in the presented Internet certificate among the entries in the User name field of the user's Person document, then compares the Internet certificate presented with the one stored in that Person document. This comparison lets Lotus Domino authenticate the user even when multiple users have the same name, because each user's public key is unique. If Lotus Domino finds a match and the public key is valid, the first name listed in the User name field is used to check database ACLs and design element access lists.

For example, if the User name field contains the entries Alan Jones, AJones, Alan, and Al Jones, and the client uses the name Al Jones to access the server, Lotus Domino authenticates the user, verifies that the public key presented matches the public key in the Person document, and uses the name Alan Jones to check database ACLs and design element access lists.

For more information, see the topic Configuring a database ACL.

To set up a Person document

1. Create a new Person document in the Lotus Domino Directory.

2. Enter the client's first, middle, and last names in the First name, Middle initial, and Last name fields.

3. Enter the client's common name on the certificate in the User name field.

4. (Optional) Enter additional information about the client in the Work/Home tab.

5. Save the document.

Tip: If the client wants to authenticate with a Lotus Domino server in another domain, add the user's Person document to the Lotus Domino Directory for that domain. Make sure you set up directory assistance so Lotus Domino can find the client in the Lotus Domino Directory for the domain.

For information on setting up directory assistance, see the topic Directory assistance.
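The following is an added example, not code from the Lotus Domino product, that models the lookup described above: a presented certificate name is matched against the User name field of each Person document, the presented public key selects among same-named users, and the first listed name is the one used for ACL checks. Person documents, names and key values are constructed stand-ins; Domino's own name-comparison rules are not modeled.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PersonDocument:
    # "User name" field: the first entry is the name used for ACL checks
    user_names: List[str]
    # stands in for the public key of the stored Internet certificate
    public_key: str


@dataclass
class ClientCertificate:
    common_name: str   # name the client presents from its certificate
    public_key: str    # public key carried by the presented certificate


def authenticate(directory: List[PersonDocument],
                 cert: ClientCertificate) -> Optional[str]:
    """Return the name to use for ACL checks, or None if authentication fails.

    Every Person document listing the certificate's common name is a candidate;
    only the one whose stored public key matches the presented key is accepted,
    which is how two users with the same name are told apart.
    """
    candidates = [doc for doc in directory if cert.common_name in doc.user_names]
    for doc in candidates:
        if doc.public_key == cert.public_key:
            return doc.user_names[0]
    return None   # name not found, or public key does not match


def build_directory() -> List[PersonDocument]:
    """Constructed sample directory: two different users share the name 'Al Jones'."""
    return [
        PersonDocument(["Alan Jones", "AJones", "Alan", "Al Jones"], "key-alan-1"),
        PersonDocument(["Albert Jones", "Al Jones"], "key-albert-7"),
    ]


if __name__ == "__main__":
    directory = build_directory()
    for key in ("key-alan-1", "key-albert-7", "key-unknown"):
        cert = ClientCertificate("Al Jones", key)
        print(key, "->", authenticate(directory, cert))
```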
