SECURITY

Creating an Internet cross-certificate for a CA
Before a Notes client can authenticate servers or send secure S/MIME messages, the client must first create a cross-certificate for the CA server and store it in the Personal Address Book. This allows the Notes client to trust servers or clients that have certificates issued by that CA. The client uses a trusted root certificate to create the cross-certificate. Once the cross-certificate is created, the client no longer needs the trusted root certificate.

SSL server authentication for Internet clients other than Notes does not require a cross-certificate.

A Notes client can also create a cross-certificate for a server or client; however, this allows the Notes client to trust only that server or client. The Notes client does not then trust other servers and clients with certificates issued by a CA.

To create an Internet cross-certificate

1. Make sure the CA created a trusted root certificate in the Domino Directory.

2. Instruct clients to retrieve an Internet cross-certificate through the User Security dialog box.

For information on how Notes users can retrieve Internet cross-certificates, see the topic To retrieve an Internet cross-certificate if you have installed Lotus Notes 7 Help. Or, go to www.lotus.com/ldd/doc to download or view Lotus Notes 7 Help.

To view Internet cross-certificates

Notes users can view the Internet cross-certificates contained in their Personal Address Book.

For information on how Notes users can see their Internet cross-certificates, see How trust is established for a Notes or Internet client if you have installed Lotus Notes 7 Help. Or, go to http://www.lotus.com/ldd/doc to download or view Lotus Notes 7 Help.

See also