SECURING
You can set up an Notes® client to use S/MIME encryption and electronic signatures when sending mail to other users of mail applications that support S/MIME.
Setting up Notes clients to send encrypted messages
Notes clients need the following to send encrypted messages:
Note: It is not necessary to have the cross-certificate prior to sending S/MIME encrypted mail. Users will be prompted to generate the cross-certificate when they try to send the message.
To decrypt sent messages and send signed messages, Notes clients need an Internet certificate stored in the Notes ID file.
Setting up Notes clients to verify signed messages
To verify the signature on a signed message, Notes clients need a cross-certificate issued for either the sender of the message or the CA that issued the sender's Internet certificate. This cross-certificate must be stored in the client's Contacts.
Adding an Internet certificate and cross-certificate for encrypted S/MIME messages To send an S/MIME-encrypted message, the sender must have the recipient's Internet certificate in their Contacts, an HCL Domino Directory, or LDAP directory. The sender must also have a cross-certificate issued for the recipient or for the certifier who issued the recipient's Internet certificate.
Dual Internet certificates for S/MIME encryption and signatures You can add two Internet certificates to your Notes ID file and then use one certificate for S/MIME encryption and another for S/MIME signatures and TLS client authentication. Doing so lets you maintain separate public and private key pairs for encryption and electronic signatures and TLS client authentication.
Related concepts Mail encryption Using TLS when setting up directory assistance for LDAP directories Directory assistance Setting up Notes and Internet clients for TLS authentication
Related tasks Adding an Internet certificate and cross-certificate for encrypted S/MIME messages Creating Internet certificates for Notes S/MIME clients Creating an Internet cross-certificate for a CA Creating a Directory Assistance document for a remote LDAP directory