Creating an Internet cross-certificate for server-to-server TLS

One server can obtain an Internet cross-certificate from another server for the purposes of establishing trust. For example, if one server needs to access Directory Assistance on another server.

Procedure

  1. From the HCL Domino® Administrator, select File > Security > Switch ID. Switch to the server.id file.
  2. Select File > Security > User Security and enter the password for the server ID.
  3. Select Identity of Others > People, Services.
  4. Select Find out more about people/services > Retrieve Internet service certificate.
  5. Enter the host name of the server to be trusted. Click Ok to create the Internet cross certificate.
  6. Open the local Name and Address book (usually located in ...\notes\data\names.nsf) and open the Advanced > Certificates > Internet Cross Certificates view. Select the newly-created cross-certificate and copy it to the clipboard.
  7. Open the Domino Directory on the server that needs to access the trusted server. Open the Servers > Certificates > Internet Cross Certificates view and paste the cross certificate in the view.