A certificate is a unique digital signature that identifies a user or server. Server and user IDs contain one or more HCL Notes® certificates. In addition, user IDs may contain one or more Internet certificates that identify users when they use TLS to connect to an Internet server or send a signed S/MIME mail message.
A certificate contains:
Public keys are not secret. Any user may look up another user's public key and use it to send that user encrypted mail or to authenticate that user. Because Domino uses the public key for identification, it is important that anyone looking up a public key obtains it reliably. Users must be able to obtain the public key of the certifier that issued a certificate before they can authenticate the certificate's owner. If a user has a certificate issued by the same certifier as another user or server, the first user can verify the public key for the certificate and then reliably know the public key associated with the server or user name. If a user doesn't have a certificate issued by the same certifier, the user needs a cross-certificate for authentication.
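The trust decision in the paragraph above, as an added example that is a simplified model and not HCL's code. It goes beyond the page in assuming hierarchical names whose trailing components name the certifiers, and cross-certificates that may be issued at any level; all names are constructed.

```python
# Simplified model (not Domino's implementation): decide whether a verifier
# can reliably learn a subject's public key via a shared certifier, or
# whether a cross-certificate is required. All names below are constructed.

def ancestors(name):
    """Certifiers above a hierarchical name (assumed form CN=.../OU=.../O=...)."""
    parts = [p.strip() for p in name.split("/")]
    return ["/".join(parts[i:]) for i in range(1, len(parts))]

def common_certifier(a, b):
    """Nearest certifier in a's chain that also certifies b, or None."""
    b_chain = set(ancestors(b))
    for certifier in ancestors(a):
        if certifier in b_chain:
            return certifier
    return None

def can_verify(verifier, subject, cross_certs):
    """Return (method, detail) for one direction of authentication.

    cross_certs is a set of (issued_by, issued_to) pairs available to the
    verifier. Mutual authentication needs this check to pass in both
    directions.
    """
    shared = common_certifier(verifier, subject)
    if shared:
        return ("common-certifier", shared)
    # No shared certifier: look for a cross-certificate issued by the
    # verifier (or one of its certifiers) to the subject (or one of its
    # certifiers). Assumption: any of these levels is acceptable.
    for issuer in [verifier] + ancestors(verifier):
        for target in [subject] + ancestors(subject):
            if (issuer, target) in cross_certs:
                return ("cross-certificate", f"{issuer} -> {target}")
    return ("untrusted", None)

if __name__ == "__main__":
    alice = "CN=Alice Example/OU=Sales/O=Acme"      # constructed
    mail01 = "CN=Mail01/O=Acme"                     # constructed
    hub = "CN=Hub/O=Partner"                        # constructed
    print(can_verify(alice, mail01, set()))
    print(can_verify(alice, hub, set()))
    print(can_verify(alice, hub, {("O=Acme", "O=Partner")}))
```
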
When you register users and servers, Domino automatically creates a Notes certificate for each user and server ID. In addition, you can use a Domino or third-party certificate authority (CA) to create Internet certificates for user IDs. Domino uses the X.509 certificate format to create Internet certificates.
Notes certificates have expiration dates. Therefore, you must recertify Notes IDs when their expiration dates approach. In addition, if a user or server name changes, you must recertify the corresponding Notes ID so that a new certificate will bind the public key to the new name.
Changing a name on a user ID may also affect Internet certificates. For example, a user who has changed the name on a user ID may receive warning messages when sending signed S/MIME mail. The messages warn that recipients may receive a signature by a name that isn't on the original certificate used for signing.