Creating an Internet cross-certificate for a CA
Before an IBM® Domino® client can authenticate servers or send secure S/MIME messages, the client must first create a cross-certificate for the CA server and store it in Contacts. This allows the IBM Notes® client to trust servers or clients that have certificates issued by that CA.
About this task
The client uses a trusted root certificate to create the cross-certificate. Once the cross-certificate is created, the client no longer needs the trusted root certificate.
SSL server authentication for Internet clients other than Notes does not require a cross-certificate.
A Notes client can also create a cross-certificate for a server or client; however, this allows the Notes client to trust only that server or client. The Notes client does not then trust other servers and clients with certificates issued by a CA.
Procedure
- Make sure the CA created a trusted root certificate in the Domino Directory.
- Instruct clients to retrieve an Internet cross-certificate through the User Security dialog box.
Results
Notes users can view the Internet cross-certificates contained in Contacts. For information on how Notes users can see and retrieve their Internet cross-certificates, see Notes Help.