Sending and receiving Notes® certificates to establish trust
Trust is established for a certificate through a cross certificate. You may need to send someone your IBM® Notes® certificate so that person can create a cross certificate for it. You in turn may receive a Notes® certificate that you need to cross-certify with. You can also create a cross certificate for a certificate in the IBM® Domino® Directory.
About this task
To send someone your certificate
About this task
When you send someone your certificate, you are actually sending a safe copy of your User ID. A safe copy of your User ID contains enough information for someone to create a cross certificate with, but not enough information so it can be used by a malicious user.
Procedure
- Click (Macintosh OS X users: ).
- Click .
- Click on the right side of the dialog box.
- Select the file name of the User ID that has the certificate you need to send, and then click Open.
- Enter the name of the person you are sending your User ID to in the To field (click Address to choose from your Contacts).
- Click Send.
- When the person receives your User ID in the email you sent, that person can cross-certify with your certificate and then send you encrypted mail.
To create a cross certificate from a certificate sent to you
Procedure
- Contact the person you need the certificate from, and ask them to respond to your cross certification request.
- Open the email that contains the User ID you need to cross-certify with.
- Click .
- In the Certifier password prompt, enter the password for the User ID shown. By default, your hierarchical User ID is listed in the password prompt, so you should enter your Notes® password.
- Leave the defaults for Certifier and Server in the "Issue Cross Certificate" dialog box. The certifier should be yourself, and the server should be local, which puts the cross certificate in your Contacts.
- Click to create a cross certificate with one of the following
in the "Subject name" list:
- The certificate's root, for example /ACME, which trusts any certificate issued by that root.
- The certificate's organization, for example /ABC/ACME, which trusts any certificate issued by that organization only.
- Click "Cross Certify."
To create a cross certificate from a person record in the Domino® Directory
About this task
There may be someone from another organization who has a person record in the Domino® Directory. If you want to create a cross certificate for that person to access a particular server in your organization, you can create a cross certificate for him or her. That person needs to give you a certificate to cross-certify. You can do this only if you have Author access to that person's person record in the Domino® Directory.
Procedure
- In the Domino® Directory, open the person record of the person whom you are cross certifying.
- Click .
- Select the certificate to be cross-certified.
- Leave the defaults for Certifier and Server in the "Issue Cross Certificate" dialog box. The certifier should be yourself, and the server should be local, which puts the cross certificate in your Contacts.
- Click to create a cross certificate with one of the following
in the "Subject name" list:
- The certificate's root, for example /ACME, which trusts any certificate issued by that root.
- The certificate's organization, for example /ABC/ACME, which trusts any certificate issued by that organization only.
- Click "Cross Certify."
Results
To give someone your certificate using removable media
About this task
When you give someone your certificate using removable media, you need to create a safe copy of your User ID to put on the floppy disk that you deliver. A safe copy of your User ID contains enough information for someone to create a cross certificate with, but not enough information so it can be used by a malicious user.
Procedure
- Insert removable media into your workstation.
- Click (Macintosh OS X users: ).
- Click .
- Click on the right side of the dialog box.
- Change the directory to the removable media drive.
- Enter a file name for the safe copy of your User ID in the "File Name" field (Macintosh users: Save As field). The default is SAFE.ID.
- Click Save, and then deliver the removable media to the person who requested it.
- When the person receives your User ID, that person needs to import the certificate into his or her User ID. Once he or she does that, he or she can cross-certify with your certificate and then send you encrypted mail.