Secure mail for iNotes

To allow IBM® iNotes® users to encrypt and digitally sign email messages, you must enable both the Encrypted mail support and the Name Resolution and Validation fields on the iNotes tab of the server's configuration settings document.

If an SSL connection is required for either the client or both the client and server, iNotes users cannot read or send encrypted messages when connected via HTTP. If the user is connected via HTTP, they must switch to HTTPS when accessing the encrypted message on the server. This switch occurs automatically when sending encrypted mail. The user is prompted to switch when reading encrypted mail.

Note: If you allow encrypted email to be sent over nonsecure connections, you are also allowing the transmission of user credentials over nonsecure connections.

S/MIME is supported in iNotes. Users can verify an S/MIME signature on a received message. Users who have an X.509 certificate in their mail file-based IBM Notes® ID can decrypt received S/MIME messages and can S/MIME sign the messages they send. Outgoing messages can be S/MIME encrypted for recipients who have an X.509 certificate in the IBM Domino® directory or in iNotes contacts. To allow an X.509 certificate to be used by iNotes, an Internet cross-certificate must be issued from the user's organizational certifier to the certificate authority that issued the X.509 certificate. This Internet cross-certificate must be present in the Domino directory.

When both Notes and S/MIME signing and encryption are possible, iNotes uses S/MIME signing and encryption by default. This can cause problems in a mixed environment that includes pre-Domino 7 servers. Pre-Domino 7 servers do not support S/MIME, so messages sent S/MIME signed and encrypted cannot be verified or decrypted. Use the notes.ini file setting iNotes_wa_SecMailPreferNotes to turn on Notes signing and encryption when both S/MIME and Notes signing and encryption are possible. This setting is not supported offline.

Deployment differences between Notes and iNotes

  • Recovery authority -- iNotes does not support recovery authority unless it is already in the ID mailed to the user.
  • Imported Notes IDs -- Notes IDs cannot be Smartcard enabled.
  • Certificates -- iNotes looks for certificates first in the Domino directory and then in the contacts.
  • Cross certificates -- iNotes looks for cross certificates only in the Domino directory. If you are using iNotes, you must create any required cross certificates in the Domino directory.
  • Multiple domains -- If you are administering multiple domains, use directory assistance for an extended directory catalog on the server. Do not use a condensed directory catalog on the server.
  • Offline -- If you are using a directory catalog, you must enable it for encrypted mail.