SECURING


Adding a Notes or Internet cross-certificate on demand

When users access a server or receive a signed message, they can accept an HCL Notes® or Internet cross-certificate from another organization. HCL Domino® adds the cross-certificate to the user's Contacts. Then the next time the user tries to access the server, the user can authenticate the server with that cross-certificate. Similarly, the user can use the cross-certificate to verify signed messages from the organization that was cross certified.

About this task

You cannot add an Internet cross-certificate on demand if a user's Internet certificate already exists in an LDAP directory.

Parent topic: Adding cross-certificates to the Domino Directory or Contacts

To add a cross-certificate on demand

Procedure

1. Using a Notes workstation, attempt to access a server in an organization with which you are not cross-certified or open a signed message whose signature you do not trust.

2. If you attempted to access a server, select Advanced Options when Domino displays this message:


3. To avoid the possibility of cross-certifying an impostor, call someone trustworthy from the named organization and ask the person to tell you the organization's public key. Compare it to the key displayed in the Advanced Options dialog box.

4. Complete these fields:


5. Click Cross Certify. Domino places the cross-certificate in the Server -> Certificates view of the Domino Directory of the server you specified in Step 4 or in the Advanced -> Certificates view of Contacts.

Related concepts
Adding cross-certificates to the Domino Directory or Contacts
Using cross-certificates to access servers and send secure S/MIME messages

Related tasks
Adding an alternate language and name to a user ID