SECURING
Before an HCL Domino® client can authenticate servers or send secure S/MIME messages, the client must first create a cross-certificate for the CA server and store it in Contacts. This allows the HCL Notes® client to trust servers or clients that have certificates issued by that CA.
About this task
The client uses a trusted root certificate to create the cross-certificate. Once the cross-certificate is created, the client no longer needs the trusted root certificate.
SSL server authentication for Internet clients other than Notes does not require a cross-certificate.
A Notes client can also create a cross-certificate for a server or client; however, this allows the Notes client to trust only that server or client. The Notes client does not then trust other servers and clients with certificates issued by a CA.
Note: Best practice is to push trusted cross-certificates to Notes clients' Contacts rather than having users retrieve them from the Domino Directory themselves.
Procedure
1. Make sure the CA created a trusted root certificate in the Domino Directory.
2. Instruct clients to retrieve an Internet cross-certificate through the User Security dialog box.
Results
Notes users can view the Internet cross-certificates contained in Contacts. For information on how Notes users can see and retrieve their Internet cross-certificates, see Notes Help.
Parent topic: How users can obtain trusted certificates manually
Related tasks Pushing trusted certificates to Notes clients