When SSL is used between an IdP and Domino, import the IdP SSL certificate into the Domino directory and cross-certify it.

Procedure

1. Connect to the IdP using the Firefox browser.

2. Click the certificates lock icon in the address bar and view the certificates.

3. Click the Details tab and select the Certificates KeyUsage field.

4. Verify that the Certificates KeyUsage field contains values forCertificate Signer and CRL Signer. In the following example, the values are missing:Certificate fields without Certificate Signer and CRL Signer

a. If the Certificates KeyUsage field does not include these values, select the certificate one level up in the certificate hierarchy and confirm that you see the values.

a. Select the Certificate Authority (issuer). It should show the Certificate Signerand CRL Signer values.

b. Start the Certificate Export Wizard:

i. Click Server Manager -> Tools -> Certification Authority.

ii. Select the certificate, right-click, and select Properties.

iii. On the General tab click View Certificate.

iv. On Details tab click Copy To File.

c. Export the file as type Base-64 encoded X.509 (.CER).

a. Open the directory in Domino Administrator.

b. Select People & Groups -> Certificates -> .

c. Select Actions -> Import Internet certificate.

d. Open the certificate in the Certificates view.

e. Select Actions -> Create cross certificate .


Note: In the Issue Cross Certificate dialog box, click Certifier and switch to the root Domino domain certifier, for example /Renovations.

f. Cross-certify the certificate with the root Domino domain certificate.

g. The cross-certificate is added to the Certificates view under the category Not Categorized.

Help on Help

All Help Contents

Help on Help