Every Notes® user ID and Domino® server ID has a unique public key for the Notes certificate. The public key is stored in an ID file and in the Person or Server document for that ID in the Domino Directory. Notes and Domino use the public key to authenticate users and servers, verify digital signatures, and encrypt messages and databases. A Notes user ID can also have a unique public key for an Internet certificate.
Issuing new public keys for a Notes certificate
If you suspect that an ID has been compromised because it was lost, stolen, or copied without permission, you can create a new public key for the ID. Creating a new public key allows you to maintain other parts of the ID -- for example, the encryption keys -- rather than create an entirely new ID, so that users can still use their old keys to decrypt encrypted email.
Notes users can create a new public key for the Notes certificate. The new public key must be certified before it can be used by Notes.
After certifying a new public key, you should set up servers to verify public keys. Public key verification involves matching the public key stored in the Domino Directory with the public key on the ID. Verifying public keys prevents an unauthorized user from using the ID with the original public key to access the server.
Note: This is done in addition to the key verification done by validating the certificate presented by the user during authentication.
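The rekey-and-verify sequence described above, modelled as an added Go example (not HCL code, and not the format of a Notes ID file or a Domino Directory document): IDFile, PersonDocument, Rekey, Certify, Authenticate, EncryptMail and DecryptMail are hypothetical names, Ed25519 stands in for the key pair behind the Notes certificate, and AES-GCM stands in for the encryption keys that a rekey keeps. It shows why the verification step matters: a copy of the ID taken before the rekey still signs correctly with its old key pair, so a server that does not compare the presented public key with the copy in the Domino Directory still accepts it, while a server that does compare them rejects it; mail encrypted before the rekey is still readable because the encryption key was kept.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// IDFile is a simplified stand-in for a Notes ID file (hypothetical type, not
// HCL's format): the certificate key pair plus a separate encryption key.
type IDFile struct {
	Name          string
	SigningPub    ed25519.PublicKey
	signingPriv   ed25519.PrivateKey
	EncryptionKey []byte // 32-byte AES key, deliberately kept across Rekey
}

// PersonDocument stands in for the Domino Directory record holding the certified public key.
type PersonDocument struct {
	PublicKey ed25519.PublicKey
}

func NewIDFile(name string) (*IDFile, error) {
	id := &IDFile{Name: name, EncryptionKey: make([]byte, 32)}
	if _, err := rand.Read(id.EncryptionKey); err != nil {
		return nil, err
	}
	return id, id.Rekey() // first certificate key pair
}

// Rekey replaces only the certificate key pair; the encryption key stays, so
// mail encrypted before the rekey remains readable.
func (id *IDFile) Rekey() (err error) {
	id.SigningPub, id.signingPriv, err = ed25519.GenerateKey(rand.Reader)
	return err
}

// Certify models the administrator certifying the new public key and recording it in the Person document.
func Certify(doc *PersonDocument, id *IDFile) {
	doc.PublicKey = append(ed25519.PublicKey(nil), id.SigningPub...)
}

// Authenticate is a challenge/response: the server sends a nonce, the ID signs it.
// With verifyKeys=false the server trusts whatever public key the ID presents; with
// verifyKeys=true that key must also match the Person document, which rejects a copy of the ID still carrying the old key.
func Authenticate(doc PersonDocument, id *IDFile, verifyKeys bool) error {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	if !ed25519.Verify(id.SigningPub, nonce, ed25519.Sign(id.signingPriv, nonce)) {
		return fmt.Errorf("signature does not verify")
	}
	if verifyKeys && !doc.PublicKey.Equal(id.SigningPub) {
		return fmt.Errorf("public key on ID does not match the Domino Directory")
	}
	return nil
}

func gcmFor(id *IDFile) (cipher.AEAD, error) {
	block, err := aes.NewCipher(id.EncryptionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptMail seals plaintext with the ID's encryption key (AES-GCM, nonce prefixed).
func EncryptMail(id *IDFile, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(id)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptMail opens a message produced by EncryptMail.
func DecryptMail(id *IDFile, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(id)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated ciphertext")
	}
	ns := gcm.NonceSize()
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

func main() {
	id, _ := NewIDFile("Jane Doe/Acme") // constructed sample name
	var doc PersonDocument
	stolen := *id // copy taken before the rekey: it still holds the old key pair
	_ = id.Rekey()
	Certify(&doc, id)
	fmt.Println("rekeyed ID, keys verified:     ", Authenticate(doc, id, true))
	fmt.Println("stolen copy, keys not verified:", Authenticate(doc, &stolen, false))
	fmt.Println("stolen copy, keys verified:    ", Authenticate(doc, &stolen, true))
}
```

The third line of output is the one the verification setting changes: until the server compares the key on the ID with the Person document, the old copy of the ID authenticates exactly as it did before the rekey.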
Adding an existing Notes public key
When you register a user or server, Domino automatically adds the Notes public keys to the corresponding Person or Server document. However, you may need to manually add a user or server ID's public key in these situations:
Creating a new Notes public key and adding it to the Domino Directory
The process for creating a new HCL Notes public key differs, depending on which version of HCL Domino you use.
Adding a Notes public key to the Domino Directory
You can copy an HCL Notes public key to a file or mail it to a user or administrator who pastes the public key into a user's Contacts or an HCL Domino Directory that users can access. This lets users encrypt mail sent to a user in another organization or replace a missing or corrupted key in the Domino Directory.