Adding a Notes® cross-certificate by phone
Two organizations can add an IBM® Notes® cross-certificate to user, server, and certifier IDs by providing the name and public key of the IDs to be cross-certified over the phone. For cross-certification to work, these steps must be carried out twice, with each organization alternately requesting cross-certification.
About this task
You cannot use this procedure to create an Internet cross-certificate.
To request a cross-certificate for a user, server, or certifier ID
About this task
Use these steps to add a cross-certificate for a user or server or for an organization or organizational unit when you have access to the user, server, or certifier ID.
Procedure
- From the IBM® Domino® Administrator, click the Configuration tab.
- Click .
- Select the user, server, or certifier ID file, and click Open.
- Type the password (if required).
- Click Security Basics. Write down the name exactly as it appears in the Name field, including any forward slashes (/) -- for example, Alan Jones/Sales/East/Renovations, Mail-E/East/Renovations, or /Renovations.
- Click . Write down the Key Identifier information exactly as it appears, including spaces.
- Call the organization that will add the cross-certificate, and provide the name and key exactly as you recorded them.
To request a cross-certificate for an ancestral certifier of an ID
About this task
Use these steps to add a cross-certificate for an organization or organizational unit when you have access to the user or server ID.
Procedure
- From the IBM® Domino® Administrator, click the Configuration tab.
- Click .
- Select the user, server, or certifier ID file, and click Open.
- Type the password (if required).
- Click .
- In the Certificates list, select the certificate for the certifier you want to cross-certify. Click Advanced Details.
- Look at the Certificate Issued To field to verify that you selected the correct certificate. Write down the name exactly as it appears, including any forward slashes (/) -- for example, /Renovations.
- Look at the Issuer Key Identifier field and write down the public key exactly as it appears, including spaces.
- Call the organization that will add the cross-certificate, and provide the name and public key exactly as you recorded them.
To add a cross-certificate to a Domino® Directory or Contacts
About this task
After someone from another organization provides the name and public key over the phone, use these steps to add a cross-certificate for the ID.
Procedure
- From the IBM® Domino® Administrator, click the Configuration tab.
- Choose Certification, and then choose Cross Certify Key.
- Select whether to use a CA-enabled certifier or use the Certifier ID, and click OK.
- If you chose to use the certifier ID, enter the password for the ID, and click OK.
- In the Subject name field, type the full hierarchical name for the ID you are cross-certifying exactly as provided over the phone, including any forward slashes (/).
- Type the public key for the ID you are cross-certifying exactly as it was provided over the phone, including spaces.
- Optional: Change the expiration date for the certificate. The default is 10 years.
- Optional: Click Certifier to select a different certifier to issue the cross-certificate.
- Optional: Click Server and select a different registration server whose Domino® Directory will store the cross-certificate. To store the cross-certificate in a user's Contacts, choose Local as the server. Then click OK.
- Click Cross Certify. Domino® places the cross-certificate in the view of the Domino® Directory of the selected registration server.