Adding a Notes® or Internet cross-certificate on demand
When users access a server or receive a signed message, they can accept an HCL Notes® or Internet cross-certificate from another organization. HCL Domino® adds the cross-certificate to the user's Contacts. Then the next time the user tries to access the server, the user can authenticate the server with that cross-certificate. Similarly, the user can use the cross-certificate to verify signed messages from the organization that was cross-certified.
About this task
You cannot add an Internet cross-certificate on demand if a user's Internet certificate already exists in an LDAP directory.
To add a cross-certificate on demand
Procedure
- Using a Notes® workstation, attempt to access a server in an organization with which you are not cross-certified or open a signed message whose signature you do not trust.
- If you attempted to access a server, select Advanced Options when Domino® displays this message:
  Your local Domino Directory does not contain a cross-certificate for this organization.
  Would you like to suppress this warning in the future by creating a cross-certificate for this organization in your Name and Address Book?
- To avoid the possibility of cross-certifying an impostor, call someone trustworthy from the named organization and ask the person to tell you the organization's public key. Compare it to the key displayed in the Advanced Options dialog box.
- Complete these fields:
Table 1. Cross-certification Fields

| Field | Enter |
| --- | --- |
| Certifier | File name of a user, server, or certifier ID. Specify a server or certifier ID when creating a cross-certificate for a server. The ID specified indicates who can use the cross-certificate. |
| Server | Location of the Contacts or Domino® Directory where you want to copy the cross-certificate. Add the cross-certificate to Contacts for Notes® clients. |
| Subject name | Organization or organizational unit certifier that you want to cross-certify, for example, /Renovations. You can also create a cross-certificate for the owner of the certificate. |
| Subject alternate name list | An alternate name that identifies the subject. Alternate names allow you to assign more than one name to an ID, which is recognizable in a user's native language. |
| Expiration date | Date when the cross-certificate will expire. |

- Click Cross Certify. Domino® places the cross-certificate in the view of the Domino® Directory of the server you specified in Step 4 or in the view of Contacts.