The procedure used to create Internet certificates for IBM® Notes® is the same, whether you use IBM Domino® or a third-party CA to issue the certificates.
About this task
The CA and client complete these steps to add a Domino Internet certificate to the Notes ID file. A Notes client can use one Internet certificate or use dual Internet certificates for S/MIME encryption and signatures.
Procedure
- Before issuing certificates, the CA must decide whether to create Internet certificates using the existing public and private keys from the Notes ID file or to issue certificates based on new keys generated from a browser certificate request. If clients use a browser that supports PKCS #12, clients can also import an existing Internet certificate into the Notes ID file. Depending on the environment, the administrator may choose to use a combination of these options for different users.
- The CA adds a trusted root certificate to a Domino Directory that the client can access. The client can also add a trusted root certificate to Contacts; however, adding a trusted root certificate to the Domino Directory simplifies the process of setting up Notes clients for S/MIME because the trusted root is accessible to many clients.
- The client creates a cross-certificate using the trusted root certificate for the CA and stores it in Contacts.
- To create a certificate using the existing public and private keys in the Notes ID file, use these steps:
  - The CA adds an Internet certificate to the Person document.
  - The client authenticates with the home server. Notes automatically merges the Internet certificate into the ID file.
- To use new public and private keys to create an Internet certificate, use these steps:
  - The client requests the Internet certificate from the CA.
  - The CA approves the request, and Domino automatically adds the client's Internet certificate to the user's Person document.
  - The client merges the Internet certificate into the ID file.
Results
For information about how Notes clients merge Internet certificates into their ID files, see Notes Help.