Creating Internet certificates for Notes S/MIME clients

The procedure used to create Internet certificates for HCL Notes® is the same, whether you use HCL Domino® or a third-party CA to issue the certificates.

About this task

The CA and client complete these steps to add a Domino Internet certificate to the Notes ID file. A Notes client can use one Internet certificate or use dual Internet certificates for S/MIME encryption and signatures.

Procedure

1. Before issuing certificates, the CA must decide whether to create Internet certificates from the existing public and private keys in the Notes ID file or to issue certificates based on new keys generated from a browser certificate request. If clients use a browser that supports PKCS #12, they can also import an existing Internet certificate into the Notes ID file. Depending on the environment, the administrator may choose to use a combination of these options for different users.

2. The CA adds a trusted root certificate to a Domino Directory that the client can access.


3. The client creates a cross-certificate using the trusted root certificate for the CA and stores it in Contacts.

4. To create a certificate using the existing public and private keys in the Notes ID file, use these steps:


5. To use new public and private keys to create an Internet certificate, use these steps:

Results

For information about how Notes clients merge Internet certificates into their ID files, see Notes Help.
