In the "Certificates Authorities and the Certificates They Issue" dialog box, choose any of the following certificate views from the Certificates drop-down list to see CA certificates or flat Lotus Notes certifiers (because of a flat certificate in your User ID) found in your Contacts or in the IBM® Lotus® Domino™ Directory.

Types of certificate authority certificates to view	Explanation of view type
Trusted Notes	Notes certificates for an organizational unit certificate authority in the same hierarchy as your Notes certificate authority, for example /ABC/ACME. Your Notes certificate authority certificate itself, for example /ACME. Notes certificates that you trust because you have a valid cross certificate (in some cases, you may not be storing the Notes certificate in your Personal Address Book for which you have a valid cross certificate). Notes flat certificates that you trust because they are issued by a trusted flat certificate authority. This applies only if you have your own flat certificate in your User ID. Optionally you can declare trust in all flat certificates issued by this same flat certificate authority known to your User ID.
Trusted Internet	Internet certificates that you trust because you have a valid cross certificate (in some cases, you may not be storing the Internet certificate in your Personal Address Book for which you have a valid cross certificate).
All Notes	All trusted Notes certificates and Notes certificates that are not trusted because there are no corresponding cross certificates.
All Internet	All trusted Internet certificates and Internet certificates that are not trusted because there are no corresponding Internet cross certificates.
Notes Root Authorities	The root of the Notes certificate chain. For example, /ACME is a root.
Internet Root Authorities	The root of the Internet certificate chain -- the CA for an organization. For example, O=ACME is a root.
Notes Intermediate Authorities	Any Notes CA that is not a root. The CA is part of a larger hierarchy. The intermediate CA's certificate is issued by a higher level CA. For example, /123/ACME is an intermediate CA certificate of the root /ACME.
Internet Intermediate Authorities	Any Internet CA that is not a root -- the CA for an organizational unit. The CA is part of a larger hierarchy. The intermediate CA's certificate is issued by a higher level CA. For example, OU=123/O=ACME is an intermediate CA certificate of the root O=ACME.
All (default)	All Notes and Internet CA certificates.

Trust for a certificate authority

For any CA listed, you may see any of the following under the Trust column:

• If there is a check mark in a check box next to a certificate, it means you trust the certificate. You can uncheck the check box to stop trusting the certificate.
• If there is an empty check box next to the certificate you want to trust, you can click the check box to trust it.
• If there is a check mark but no check box, then you trust the certificate because your administrator has decided the trust for you.
• If no certificates appear, then the certificates cannot be found.

For any CA listed, you may see any of the following under the "Issued Certificates Trusted for Names" column:

• */ACME -- You trust any certificate that follows this naming scheme. For example, you trust /ABC/ACME because it fits the naming scheme of */ACME. Lotus Notes certificate authorities always use this naming style when issuing certificates.
• <all flat names> -- You have a flat certificate in your User ID, and you can choose to trust all certificates issued by the same authority that issued your flat certificate. There are no expectations for how the flat CA chooses to create names, except that they must be flat names, for example Joe User. These certificates do not support hierarchical names, such as Joe User/ACME.
• <all Internet names> --This appears for any trusted Internet CA. There are no expectations for how an Internet CA chooses to create names. Any name appearing in a certificate issued by the trusted Internet CA is considered to be valid.
• <all names> -- This appears with your Lotus Notes certificate authority certificate in your User ID. You accept everything from your own CA without question.

For more details about individual CAs, select the CA and click the "Certificate Details" button.

For more information about the specific trust you have for individual CAs, select the CA and click the "Trust Details" button.

If you are viewing certificates for authorities, you also have the following options:

• To delete a trusted certificate for an authority specifically listed in your Contacts, select a certificate to delete and click the Delete button. This action deletes the selected certificate and the cross certificate associated with it. You may not be able to delete a certificate if your administrator is controlling the trust.
• Click Other Actions > Browse Authority Certificates on Server to find other certificate authorities that are in the IBM® Lotus® Domino™ Directory. Once you choose to do this, select the server where the Domino Directory resides, and then select certificates of certificate authorities from the Domino Directory. For each certificate you want to copy to your Contacts, click "Copy to your Address Book" in the "Browse Authority Certificates on Server" dialog box.
• Click Other Actions > Download Administrative Trust Defaults from Home Server to download trust decisions found in the Domino Directory. You can only download trust decisions made by your administrator. These trust decisions are implemented as cross certificates in your Contacts.

Accessing servers using certificates
Finding Notes and Internet certificates you trust
How trust is established for a Notes or Internet certificate

Glossary