Simple Mail Transport Protocol (SMTP)
Setting up SSL on a Domino server
Set up SSL on a Domino server so that clients and servers that connect to the server use SSL to ensure privacy and authentication on the network. You set up SSL on a protocol-by-protocol basis. For example, you can enable SSL for mail protocols -- such as IMAP, POP3, and SMTP -- and not for other protocols.
Setting up database access for SSL clients
After you set up SSL on a Domino server, you must give the clients access to databases on the server.
Managing server certificates and certificate requests
Administrators perform a number of tasks in managing the certificate lifecycle. This topic provides a high-level view of the process, with links to additional information on how to view certificates, change the password of a key ring file, specify the trusted root for a certificate authority, view certificate requests, and renew expired certificates.
Creating a self-certified certificate to test SSL certification
You can create a self-certified certificate to test the certificate procedure at your organization. Because this certificate is not certified by a CA, use it only for testing purposes.
Creating an Internet cross-certificate for server-to-server SSL
One server can obtain an Internet cross-certificate from another server for the purposes of establishing trust, for example, when one server needs to access Directory Assistance on another server.
Modifying SSL cipher restrictions
SSL uses public, private, and negotiated session keys. Every SSL certificate has one pair of keys -- a public key and a private key -- that are created when the SSL certificate is generated and that enable certificate owners to identify themselves over the network and to use S/MIME to encrypt and sign messages. Certificates contain only the public key. The private key is kept in the ID file for the Notes® client, and in the key ring file for the SSL server.
Authenticating Web SSL clients in secondary Domino and LDAP directories
When a Web client authenticates with a server, by default, the server checks the primary HCL Domino Directory to see if the client certificate exists in the Person document. If your organization uses a secondary Domino Directory and/or an LDAP directory to verify client certificates, you can set up Domino to check those additional directories. To do so, you set up the secondary Domino and LDAP directories as trusted domains in the Directory Assistance database.
SSL session resumption
SSL session resumption greatly improves performance when using SSL by recalling information from a previous successful SSL session negotiation to bypass the most computationally intensive parts of the SSL session key negotiation. HTTP is the protocol that benefits the most from SSL session resumption, but other Internet protocols may benefit as well.