Publishing third-party CA client certificates in a Person record
Notes® and Internet users who have a client certificate from a third-party certifier may want to have this certificate published in their Person record so that, if a user authenticates with a Domino® server over SSL with that certificate, Domino will be able to determine the user's Notes identity.
About this task
The server can then use the Notes identity to check server database ACLs to determine the user's access to those databases. If the certificate with which a user authenticates isn't in a Person document, Domino gives the user anonymous access, even though the user has authenticated using SSL authentication.
To publish a third-party client certificate in a user's Person record, use the Certificate Publications Request database. Clients submit certificate publication requests to the database, where they are approved by an administrator. After a request is approved, a publication request is created automatically in the Administration Process database. When the request is completed, the third-party client certificate is published in the requester's Person record.
In order to use this database, the server on which it is hosted must:
- Be configured for SSL, accepting both client certificates and anonymous access
- Have trusted root certificates installed in its server key ring for any certifier whose certificates you want to accept for publication
In order for users to make a publication request, they must be able to authenticate to the Certificate Publications database with the certificate they want to have published.
To create the Certificate Publications Request database
Procedure
- From the Domino Administrator, click .
- Create a new database using the Domino Certificate Publications Request template (certpub.ntf).
To publish a third-party CA client certificate in a Person record
Procedure
- The client opens the Certificate Publications Request database using a browser, completes the Certificate Registration Request form, and submits it.
- The administrator approves or denies the publication requests in the Waiting for Approval view.
- If the request is approved, it is submitted to the Administration Process and the client certificate is published in the requester's Person record.