Using dual Internet certificates for encryption and signatures
You use your Internet certificate to sign messages that you send. Other people use your Internet certificate to encrypt messages they are sending to you. This is similar to how HCL Notes® certificates work. However, if you have more than one Internet certificate, you may be able to use one Internet certificate for signing messages and another Internet certificate for people to use to encrypt mail messages.
About this task
Some CAs issue specific certificates for signing and issue others for encryption. Other CAs issue certificates that can be used for both signing and encryption.
Encryption
When a person encrypts mail using your Internet certificate, Notes® usually uses the most recently added certificate from the HCL Domino® Directory to encrypt the message. However, if the most recently added certificate is one that is only used for signing, Notes® looks for a certificate in the Domino® Directory that can be used for encryption.
Note that your administrator can also create a new Internet certificate for you, which could automatically become your default signing or encryption certificate because it was the most recently added Internet certificate.
Signing
If you add a new Internet certificate to your User ID, the new certificate automatically becomes the default signing certificate because it is the most recently added certificate. If the most recently added certificate is configured for encryption only, Notes® does not change your default signing certificate.
If you want to use a different certificate for signing, you can change which Internet certificate should be used as the default signing certificate at any time.
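The selection rules described under Encryption and Signing, modelled as an added example (not HCL code and not part of the original page). It assumes that "signing only" and "encryption only" correspond to the certificate's X.509 keyUsage bits, and that the fallback takes the next most recently added usable certificate; all class, function and certificate names are hypothetical.

```python
from dataclasses import dataclass

# X.509 keyUsage names (RFC 5280). Mapping them to "signing" and
# "encryption" as below is an assumption of this model.
SIGN_USAGES = {"digitalSignature", "nonRepudiation"}
ENCRYPT_USAGES = {"keyEncipherment", "keyAgreement"}


@dataclass(frozen=True)
class InternetCert:
    label: str            # constructed sample name
    added_order: int      # higher = added more recently
    key_usage: frozenset  # empty = no restriction (usable for both)

    def can_sign(self):
        return not self.key_usage or bool(self.key_usage & SIGN_USAGES)

    def can_encrypt(self):
        return not self.key_usage or bool(self.key_usage & ENCRYPT_USAGES)


def pick_encryption_cert(directory_certs):
    """Most recently added certificate, skipping signing-only ones."""
    newest_first = sorted(directory_certs, key=lambda c: c.added_order, reverse=True)
    for cert in newest_first:
        if cert.can_encrypt():
            return cert
    return None  # nothing in the directory can be used for encryption


def default_signing_after_add(current_default, new_cert):
    """A newly added cert becomes the default unless it is encryption-only."""
    return new_cert if new_cert.can_sign() else current_default


# Constructed sample certificates, in the order they were added
DUAL = InternetCert("dual-2022", 1, frozenset())
SIGN_ONLY = InternetCert("sign-2023", 2, frozenset({"digitalSignature"}))
ENC_ONLY = InternetCert("enc-2023", 3, frozenset({"keyEncipherment"}))
ADMIN_DUAL = InternetCert("admin-issued-2024", 4,
                          frozenset({"digitalSignature", "keyEncipherment"}))
```

In this model, adding `ADMIN_DUAL` changes both the certificate senders encrypt to and the default signing certificate, which is the administrator-issued case noted above.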
This topic describes how to:
- Specify a default Internet certificate to use for signing mail
- Obtain someone's Internet certificate for mail encryption
To specify a default Internet certificate to use for signing mail
Procedure
- Click (Macintosh OS X users: ).
- Click Mail.
- Under "Security options that apply to Internet-style Notes® mail only", click the "Internet-style Mail Options" button, then click the "Certificate Configuration" button under "Certificate options."
- In the "Certificate configuration for Internet-style (S/MIME) Mail" dialog box, select the Internet certificate you want to use for electronic signatures.
- Select "Use this certificate as your default signing certificate." This option is only available if you have more than one Internet certificate available to be used for signing and authentication.
To obtain someone's Internet certificate for mail encryption
If you want to send someone encrypted mail, but you don't have that person's Internet certificate, have them send you a message that is signed with their Internet certificate. When you receive the email, select the email, choose "Include X.509 certificates when encountered" under the Advanced tab. Notes® creates a Contact document and adds any Internet certificates sent with the mail message to the Contact document. When you send an encrypted message to this recipient, Notes® extracts the Internet certificate for encryption from the Contact document and uses the recipient's certificate to encrypt the message.
If you want to enable someone to send you encrypted mail using your Internet certificate, have that person add you to their Contacts by following the same procedure as above.