SECURING YOUR DATA

Accessing servers using certificates
Stored in your User ID, a certificate is an electronic stamp, like a stamp on a passport, which verifies to a server that you are who you say you are. When you first receive your User ID from your administrator, it contains a Notes certificate. You may decide to use Internet certificates as well. (You may see Internet certificates being referred to as X.509 certificates.)

You can view all of the certificates in your User ID by choosing File - Security - User Security (Macintosh OS X users: Notes - Security - User Security), and then clicking Your Identity - Your Certificates.

What are Notes certificates?

When you want to access any Domino server, whether it be your mail server or an HR server in your company, you need a certificate to identify yourself to that server, and the server needs a certificate to identify you.

Notes certificates in Notes Release 5 and later use hierarchical names, so the certificate authority's name is part of the certificate's name. (The certificate authority, or CA, is the entity that created your certificate and issued it to you.) For example, your certificate might look like this: Joe User/ACME, where Joe User is your name and ACME is your CA's name.

There are three types of Notes certificates you can have in your User ID:


What are Internet certificates?

When you want to access a secure Web site that requires an SSL connection, such as https://www.verisign.com, or you want to encrypt or sign mail that is sent over the Internet, you need an Internet certificate. Usually you store Internet certificates in a Web browser, such as Netscape or Internet Explorer; however, you can also store Internet certificates in your User ID to be used with the Notes browser or with Notes mail. Internet certificates often contain an e-mail address. Because Internet certificate names are lengthy, Notes displays the e-mail address in a short format as a way of showing who the certificate belongs to. If there isn't an e-mail address available, Notes displays the most significant part of the Internet certificate name. For example, you could have an Internet certificate that looks similar to this: CN=ACME Internet CA/O=ACME/S=MASS/C=US. The portion of this certificate Notes displays is "ACME Internet CA."

Note If you need to see the entire name associated with your personal Internet certificate, you can choose File - Security - User Security (Macintosh OS X users: Notes - Security - User Security), click Your Identity - Your Certificates, select "Your Internet Certificates" from the drop-down list, and click the "Advanced Details" button. To see details of other people's Internet certificates, see Certificates for people or services.

Your Internet certificates are identified by Notes as Internet Multi-purpose certificates. Within Notes, this type of certificate is used to access secure Web pages using the Notes browser, to send and receive secure mail using Internet-style Notes mail (S/MIME), and to secure connections to Internet services using Secure Socket layer (SSL) connections.

Unlike Notes certificates, you can use one Internet certificate to sign messages and another Internet certificate for encryption. See Using dual Internet certificates for encryption and signatures for more information.

See Also