SECURING
Users can use Internet certificates only in the browser in which they requested them. However, you can export Internet certificates from a Person document and make them available to other users. You can also import other's Internet certificates into Person documents in the Domino® Directory, or import and export Internet certificates for use between other Internet applications, such as Microsoft™ Outlook.
Parent topic: Internet certificates for TLS and S/MIME
To export an Internet certificate from a Person document
Procedure
1. From the Domino Administrator, click People & Groups, and open the People view.
2. Open the Person document from which you want to export Internet certificates.
3. Click Action -> Export Internet Certificates.
4. In the Export Internet Certificates dialog box, select the certificate that you want to export from the list box and click OK.
5. In the Select Export File Format dialog box, choose the file format in which to save the exported certificate, and click OK. The default is PKCS 12 encoded.
As of V12.0.1, exporting certificates to a PKCS#12 file uses the newer PBES2 with 256 bit AES, 4096 iterations, and HMAC-SHA2, by default, in accordance with current best practices.
If you need to export PKCS#12 formatted credentials for use with a pre-12.0.1 version of Notes or Domino or a different product that does not support PKCS#12 files that are encrypted with AES, use the following notes.ini setting on the Notes client from which you open the Domino directory: PKCS12_EXPORT_LEGACY=1. This setting downgrades all of the PKCS#12 files exported to use SHA-1 and 3DES instead of SHA-2 and AES-256.
7. For Password for Export File Containing Internet Certificates, enter a password to protect the export file. If you choose not to assign a password to this file, click No Password. However, it is highly recommended that you assign a password to protect this information.
8. In the Specify Export File dialog box, choose the directory path and file name for the file that contains the exported certificates, and click OK. The certificates are successfully exported to the specified file.
9. Note the file name and password of the exported file for future reference.
To import an Internet certificate into a Person document
2. Open the Person document for which you want to import Internet certificates.
3. Click Action -> Import Internet Certificates.
4. In the Specify File Containing the Internet Certificate dialog box, choose the directory path and file name for the file that contains the exported certificates, and click OK. Note that the file may not appear with the assigned file extension. It is recommended that you choose the all files option in the Files of type field to ensure that the exported files are displayed in the file selection list box.
5. In the Select Import File Format dialog box, choose the file format in which to save the imported Internet certificate, and click OK. The default is PKCS 12 encoded.
6. In the Enter Password dialog box, enter the file password.
7. In the Import Internet Certificates dialog box, choose the Internet certificate that you want to import, if there is more than one. Or you can click Accept All to import all certificates in the file.