SECURITY

Creating an Internet cross-certificate for a CA
Before an IBM® Lotus® Domino®, client can authenticate servers or send secure S/MIME messages, the client must first create a cross-certificate for the CA server and store it in Contacts. This allows the Lotus Notes client to trust servers or clients that have certificates issued by that CA. The client uses a trusted root certificate to create the cross-certificate. Once the cross-certificate is created, the client no longer needs the trusted root certificate.

SSL server authentication for Internet clients other than Lotus Notes does not require a cross-certificate.

A Lotus Notes client can also create a cross-certificate for a server or client; however, this allows the Lotus Notes client to trust only that server or client. The Lotus Notes client does not then trust other servers and clients with certificates issued by a CA.

To create an Internet cross-certificate

1. Make sure the CA created a trusted root certificate in the IBM® Lotus® Domino™ Directory.

2. Instruct clients to retrieve an Internet cross-certificate through the User Security dialog box.

For information on how Lotus Notes users can retrieve Internet cross-certificates, see the topic To retrieve an Internet cross-certificate if you have installed Lotus Notes 8 Help. Or, go to www.lotus.com/ldd/doc to download or view Lotus Notes 8 Help.

To view Internet cross-certificates

Lotus Notes users can view the Internet cross-certificates contained in their Personal Address Book.

For information on how Lotus Notes users can see their Internet cross-certificates, see How trust is established for a Notes or Internet client if you have installed Lotus Notes 8 Help. Or, go to http://www.lotus.com/ldd/doc to download or view Lotus Notes 8 Help.

See also