Issuing Internet certificates in a Person document

If you need to issue Internet certificates for Notes® clients and you do not want to require each user to submit an Internet certificate request and merge the certificate into the ID file, you can issue the Internet certificate using the existing public and private keys in the Notes ID file and add it to the user's Person document. Using the Domino® Directory to issue Internet certificates simplifies the process of distributing Internet certificates to users.

About this task

The server on which you issue Internet certificates must be set up for the Administration Process, and the users must have an Internet address specified in their Person documents. In addition, the Internet certificates that you add must be created using a Domino certifier.

Note: To issue X.509 certificates that contain a Subject Alternative Name (SAN), add the notes.ini setting ENABLE_CERTREC_SAN=1 on the Domino administration server. This feature is supported only when you use the CA process to issue the certificate.

To issue an Internet certificate in a Person document

Procedure

1. From the Domino Administrator, click People & Groups.

2. Select the names of the users who need Internet certificates.

3. Choose Actions -> Add Internet Cert to Selected People.

4. Make sure that the title of the dialog box displays the name of the correct registration server. If it does not, click Server to choose another server.

5. Choose whether to supply the certifier key ring file and password, or to use the CA process.

6. In the Add Internet Certificates to Selected Entries dialog box, confirm that the expiration date is valid. If not, enter the correct date.

7. Click Certify.

8. The certifier processes the request.

Results

If you chose to provide a certifier ID, Domino creates a certificate for each selected user and stores it in an Add Internet Certificate to Person Record request in the Administration Request database.

If you chose to use the CA process, a certificate request is created in the Administration Request database for each selected user. When the CA processes the request, it creates the Add Internet Certificate to Person Record request.

1. When the Administration Request database replicates with the Domino Directory's administration server, the Administration Process places the certificate in the user's Person document.

2. After the Domino Directory replicates with the user's mail server and the user subsequently accesses the mail server, Notes recognizes that there is a certificate in the Domino Directory that is not in the user's ID file. Notes automatically places the Internet certificate in the user's ID file.

Related tasks
Setting up Notes and Internet clients for TLS client authentication
Creating Internet certificates for Notes S/MIME clients
Publishing third-party CA client certificates in a Person record
Setting up the Administration Process
Recertifying or renaming user IDs by organization