Notes® and Internet users who have a client certificate from a third-party certifier may want to have this certificate published in their Person record so that, if a user authenticates with a Domino® server over SSL with that certificate, Domino will be able to determine the user's Notes identity.
About this task
The server can then use the Notes identity to check server database ACLs to determine the user's access to those databases. If the certificate with which a user authenticates isn't in a Person document, Domino gives the user anonymous access, even though the user has authenticated using SSL authentication.
To publish a third-party client certificate in a user's Person record, use the Certificate Publications Request database. Clients submit certificate publication requests to the database, where they are approved by an administrator. After a request is approved, a publication request is created automatically in the Administration Process database. When the request is completed, the third-party client certificate is published in the requester's Person record.
In order to use this database, the server on which it is hosted must:
Note: The user does not have to have a Person document in the Domino Directory to make a publication request. The administrator can create a Person document once the request has been entered, and it has been decided that the certificate's owner can be trusted.
To create the Certificate Publications Request database
Procedure
1. From the Domino Administrator, click File -> Application -> New.
2. Create a new database using the Domino Certificate Publications Request template (certpub.ntf).
To publish a third-party CA client certificate in a Person record
1. The client opens the Certificate Publications Request database using a browser, completes the Certificate Registration Request form, and submits it.
2. The administrator approves or denies the publication requests in the Waiting for Approval view.
3. If the request is approved, it is submitted to the Administration Process and the client certificate is published in the requester's Person record.