In the Domino® Directory on your Domino server, set up a Person document for Internet clients using TLS client authentication to connect to a Domino server. The Person document for the user stores the user's Internet certificate, which is used to verify the user's identity. The Person document also lists the names that a Domino server can use to authenticate an Internet user.
About this task
When an Internet user tries to connect to a server, Domino looks for the Internet certificate name in the User name field in the user's Person document. Domino compares the Internet certificate presented with the one stored in the Person document. The comparison lets Domino authenticate the user, even if there are multiple users with the same name, since each user's public key is unique. If Domino finds a match and the public key is valid, then the first name listed in the User name field is used to check database ACLs and design element access lists.
For example, if the User name field contains these entries: Alan Jones, AJones, Alan, and Al Jones, and the client uses the name Al Jones to access the server, Domino authenticates the user, verifies that the public key presented matches the public key in the Person document, and uses the name Alan Jones to check database ACLs and design element access lists.
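The lookup described above, modelled in Python as an added example; it is not Domino code and not part of the original page. The `PersonDoc` class, the `authenticate` function, the key bytes and the second "Al Jones" entry are constructed for illustration. Case-insensitive name matching and byte-for-byte key comparison are assumptions, and certificate validity checks are left out.

```python
# Illustrative model of the matching logic only; not HCL Domino code.
# All names, key values and directory entries below are constructed.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PersonDoc:
    user_names: List[str]     # User name field; the first entry is the primary name
    cert_public_key: bytes    # public key from the stored Internet certificate


def authenticate(directory: List[PersonDoc],
                 presented_name: str,
                 presented_key: bytes) -> Optional[str]:
    """Return the name to use for ACL checks, or None if authentication fails."""
    wanted = presented_name.strip().lower()   # assumption: case-insensitive match
    for doc in directory:
        names = [n.strip().lower() for n in doc.user_names]
        if wanted not in names:
            continue                          # name is not listed in this document
        # Several documents may list the same name; the key decides which one.
        if doc.cert_public_key == presented_key:
            return doc.user_names[0]          # first listed name drives ACL checks
    return None                               # no document has both name and key


KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"

DIRECTORY = [
    PersonDoc(["Alan Jones", "AJones", "Alan", "Al Jones"], KEY_A),
    PersonDoc(["Al Jones", "Albert Jones"], KEY_B),   # different user, same name
]

if __name__ == "__main__":
    print(authenticate(DIRECTORY, "Al Jones", KEY_A))         # Alan Jones
    print(authenticate(DIRECTORY, "Al Jones", KEY_B))         # Al Jones
    print(authenticate(DIRECTORY, "Al Jones", b"unknown"))    # None
```

The third call shows the failure mode worth testing in any deployment: a known name presented with a key that is stored in no Person document must not authenticate.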
Parent topic: Setting up Notes and Internet clients for TLS client authentication
To set up a Person document
Procedure
1. Create a new Person document in the Domino Directory.
2. Enter the client's first, middle, and last names in the First name, Middle initial, and Last name fields.
3. Enter the client's common name on the certificate in the User name field.
4. Optional: Enter additional information about the client in the Work/Home tab.
5. Save the document.
What to do next
Tip: If the client wants to authenticate with a Domino server in another domain, add the user's Person document to the Domino Directory for that domain. Make sure you set up directory assistance so Domino can find the client in the Domino Directory for the domain.
Related concepts: Directory assistance
Related tasks: Configuring a database ACL; Setting up Notes and Internet clients for TLS client authentication; Publishing third-party CA client certificates in a Person record