SECURITY


Adding cross-certificates to the Domino Directory or Personal Address Book

You can use several methods to obtain a Notes or Internet cross-certificate.

See Examples of cross-certification.

Accessing a server

If a user attempts to access a server in a different organization, and the user does not already have a cross-certificate issued to that server or one of its ancestors, a dialog box gives the user the option to add the cross-certificate "on demand." Users can add a Notes cross-certificate this way. This is usually the quickest and easiest way for a user to obtain a cross-certificate.

For more information, see Adding a Domino or Internet cross-certificate on demand.

Receiving a signed mail message

If a user receives a signed mail message from a user in a different organization and the recipient does not already have a cross-certificate issued to that server or one of its ancestors, the "on demand" cross-certificate dialog box appears. Users can add both Notes and Internet cross-certificates this way.

For more information, see Adding a Domino or Internet cross-certificate on demand.

Adding a cross-certificate from the Domino Directory

Users can retrieve Internet certificates and Notes and Internet cross-certificates from the Domino Directory on their home/mail server, and add them to their Personal Address Books. Domino administrators can use any method to add the Internet certificates and Notes and Internet cross-certificates to the Domino Directory; however, the cross-certificates must be issued by a common ancestor before Notes copies the cross-certificates to the user's Personal Address Book.

By Notes mail or postal service

Users can add a cross-certificate by sending a safe copy of the certificate through Notes mail or the postal service. Users can use this method to add a Notes cross-certificate only.

For more information, see Adding a Notes cross-certificate for IDs by Notes mail and Adding a Notes cross-certificate for IDs by postal service.

From an Internet server

Users can obtain an Internet cross-certificate through the User Security panel (File - Security - User Security). Users choose Identity of Others - People, Services, and then click "Retrieve Internet Service Certificate." A dialog box allows the user to specify an Internet server from which to obtain a certificate to cross-certify. This method can be the quickest way to obtain an Internet cross-certificate.

For more information on obtaining Internet cross-certificates for the Notes client, see To retrieve an Internet cross-certificate in Lotus Notes 7 Help, if you have installed it. Or go to www.lotus.com/ldd/doc to download or view Lotus Notes 7 Help.

By phone

Users can add a cross-certificate by providing the name and public key of the certificate by phone. Users can use this method to add a Notes certificate only.

For more information, see Adding a Notes cross-certificate by phone.

In the Person document

Users can cross-certify a certificate stored in a Person document in the Domino Directory using Actions - Create Cross Certificate. Users can add both Internet and Notes cross-certificates this way.

For more information, see Creating a cross-certificate from a user's Person document.

From a trusted root certificate

Users can create an Internet cross-certificate from a trusted root certificate if a trusted root certificate is in the Personal Address Book or Domino Directory. Notes and Domino provide many default trusted root certificates for third-party CAs in the Personal Address Book and Domino Directory. To indicate trust for these CAs, create a cross-certificate using the trusted root. You can also add a trusted root certificate for other CAs that are not included by default and create cross-certificates for them.

For more information, see Creating an Internet cross-certificate for a CA.
