SECURING


Adding an Internet certificate and cross-certificate for encrypted S/MIME messages

To send an S/MIME-encrypted message, the sender must have the recipient's Internet certificate in their Contacts, an HCL Domino® Directory, or LDAP directory. The sender must also have a cross-certificate issued for the recipient or for the certifier who issued the recipient's Internet certificate.

About this task

If a cross-certificate is issued for a recipient's Internet certificate, only messages to that recipient can be encrypted. If a cross-certificate is issued to the recipient's CA, users can send encrypted messages to all recipients who have certificates issued by that CA, if you have the recipients' Internet certificates. If the Internet certificate is stored in a Domino Directory in another domain or in an LDAP directory, the directory needs to be accessible using directory assistance.

Procedure

1. The recipient must send an S/MIME signed message to you.

2. When you open the signed message, HCL Notes® asks if you want to add a cross-certificate if you do not already have one issued for either the author or the CA who issued the certificate to the author. Complete these fields and then click Cross Certify.


3. To add the author's Internet certificate to Contacts, choose More -> Add Sender to Contacts. Notes creates a Contact document for the person and adds an Internet certificate to the document.

Parent topic: Setting up Notes clients for S/MIME

Related concepts
Setting up Notes clients for S/MIME
Dual Internet certificates for S/MIME encryption and signatures
Using TLS when setting up directory assistance for LDAP directories

Related tasks
Creating a Directory Assistance document for a remote LDAP directory