Accessing servers using certificates
A certificate is an electronic stamp, like a stamp on a passport, which verifies to a server that you are who you say you are. Certificates are stored in your User ID. When you first receive your User ID from your administrator, it contains a Notes® certificate. You may decide to use Internet certificates as well. (You may see Internet certificates being referred to as X.509 certificates.)
You can view all of the certificates in your User ID by choosing (Macintosh OS X users: ), and then clicking .
What are Notes® certificates?
When you want to access any Domino® server, whether it be your mail server or an HR server in your company, you need a certificate to identify yourself to that server, and the server needs a certificate to identify you.
Notes® certificates in Notes® Release 5 and later use hierarchical names, so the certificate authority's name is part of the certificate's name. (The certificate authority, or CA, is the entity that created your certificate and issued it to you.) For example, your certificate might look like this: Joe User/ACME, where Joe User is your name and ACME is your CA's name.
There are three types of Notes® certificates you can have in your User ID:
- Notes Multi-purpose certificates are used to identify you for most Notes® purposes, such as logging in to Notes® and accessing Notes® databases on Domino® servers. Your Notes® multi-purpose certificates allow for strong cryptography -- for example, you receive mail protected with strong encryption when your Notes® multi-purpose certificate is used to send you encrypted mail. The certificates contain a public key, which is used to sign and encrypt messages, the name of the CA that issued your certificate, the name of the person or server the certificate is issued to, the date the certificate was made, and the certificate's expiration date. Most users use Notes® Multi-purpose certificates only.
- Notes International certificates are used for encryption only. They allow anyone who can't use strong encryption to send you encrypted mail. They are generally not for your personal use. You always have an International certificate in your User ID, even if it is not used.
What are Internet certificates?
When you want to access a secure website that requires a TLS connection, such as www.verisign.com, where S is added before the HTTP that precedes the address, or you want to encrypt or sign mail that is sent over the Internet, you need an Internet certificate. Usually you store Internet certificates in a Web browser, such as Netscape or Internet Explorer; however, you can also store Internet certificates in your User ID to be used with the Notes® browser or with Notes® mail. Internet certificates often contain an email address. Because Internet certificate names are lengthy, Notes® displays the email address in a short format as a way of showing who the certificate belongs to. If there isn't an email address available, Notes® displays the most significant part of the Internet certificate name. For example, you could have an Internet certificate that looks similar to this: CN=ACME Internet CA/O=ACME/S=MASS/C=US. The portion of this certificate Notes® displays is ACME Internet CA.
If you need to see the entire name associated with your personal Internet certificate, you can choose Your Internet Certificates from the drop-down list, and click the Advanced Details button.
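The display rule described above, as an added example (not Notes code): it shortens an Internet certificate name to its email address or, failing that, its CN, and lists short labels that stand for more than one full name, which is the case where the full name under Advanced Details is worth comparing. The email attribute labels, the reading of "most significant part" as the CN (or the leftmost component), and every sample name other than the page's ACME one are assumptions or constructed.

```python
# Added example: models the display rule in the text; this is not Notes code.
EMAIL_KEYS = ("E", "EMAIL", "EMAILADDRESS")  # assumed labels for an email component

def parse_name(name):
    """Split 'CN=.../O=.../C=..' into (key, value) pairs; bare parts get key ''."""
    parts = []
    for comp in name.split("/"):
        comp = comp.strip()
        if not comp:
            continue
        key, sep, value = comp.partition("=")
        parts.append((key.strip().upper(), value.strip()) if sep else ("", comp))
    return parts

def short_display(name):
    """Email address if present, else the CN, else the leftmost component."""
    parts = parse_name(name)
    for wanted in (EMAIL_KEYS, ("CN",)):
        for key, value in parts:
            if key in wanted:
                return value
    return parts[0][1] if parts else ""

def ambiguous_displays(names):
    """Return short labels that stand for more than one distinct full name."""
    groups = {}
    for full in names:
        groups.setdefault(short_display(full), set()).add(full)
    return {label: sorted(fulls) for label, fulls in groups.items() if len(fulls) > 1}

SAMPLES = [
    "CN=ACME Internet CA/O=ACME/S=MASS/C=US",           # name quoted on the page
    "CN=ACME Internet CA/O=Example Org/C=US",           # constructed look-alike
    "E=joe.user@acme.example/CN=Joe User/O=ACME/C=US",  # constructed
]

if __name__ == "__main__":
    for full in SAMPLES:
        print(f"{short_display(full):24} <- {full}")
    for label, fulls in ambiguous_displays(SAMPLES).items():
        print(f"'{label}' is shared by {len(fulls)} names; compare the full names")
```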
To see details of other people's Internet certificates, see Certificates for people or services.
Your Internet certificates are identified by Notes® as Internet Multi-purpose certificates. Within Notes®, this type of certificate is used to access secure Web pages using the Notes® browser, to send and receive secure mail using Internet-style Notes® mail (S/MIME), and to secure connections to Internet services using Transport Layer Security (TLS) connections.