To send an S/MIME-encrypted message, the sender must have
the recipient's Internet certificate in their Contacts, an IBM® Domino® Directory,
or LDAP directory. The sender must also have a cross-certificate issued
for the recipient or for the certifier who issued the recipient's
Internet certificate.
About this task
If a cross-certificate is issued for a recipient's Internet
certificate, only messages to that recipient can be encrypted. If
a cross-certificate is issued to the recipient's CA, you can send
encrypted messages to all recipients who have certificates issued
by that CA, provided that you have those recipients' Internet
certificates. If the Internet certificate is stored in a Domino Directory
in another domain or in an LDAP directory, that directory must be
accessible through directory assistance.
Procedure
- The recipient must send an S/MIME signed message to you.
- When you open the signed message, IBM Notes® asks if you
want to add a cross-certificate if you do not already have one issued
for either the author or the CA who issued the certificate to the
author. Complete these fields and then click Cross Certify.
Table 1. Cross-Certificate Options
| Field | Enter |
| --- | --- |
| Certifier | The certifier ID that is cross-certifying the certificate. By default, the certifier is your ID. If you have access, you can choose an ID that is higher in the hierarchical name scheme. |
| Server | The registration server that holds the cross-certificate that is created. By default, it is stored locally in your Contacts. Do not change this setting, since the cross-certificate must be stored in your Contacts in order to validate the Internet certificate of the person to whom you are sending an encrypted message. |
| Subject name | The certificate that is being cross-certified. You can choose to cross-certify the sender of the signed message or you can cross-certify the CA that issued the certificate to the sender. If a cross-certificate is issued to the sender of the signed message, you can encrypt messages to only that person. If a cross-certificate is issued to the sender's CA, you can send encrypted messages to anyone who has an Internet certificate issued by that CA and for whom you have an Internet certificate. |
| Subject alternate name list | Alternate names attached to the ID, if any. |
| Expiration date | The date that the cross-certificate expires. |
- To add the author's Internet certificate to Contacts, choose . Notes creates
a Contact document for the person and adds an Internet certificate
to the document.