Pushing certificates to clients through security policy settings

If you have created a cross-certificate in the Domino® Directory for an Internet certifier or Notes® certifier, you can use security policy settings to push it to Notes® clients' Contacts. You can optionally push an Internet certifier too. Users can view the cross-certificate or certifier in Contacts but cannot edit or delete it.

About this task

Changes to certificates in the Domino® Directory or to the trust configuration in a security policy settings document causes automatic updates to clients as follows:
  • Updating a certifier or cross-certificate in the Domino® Directory updates it on clients that trust the certifier through policy.
  • Deleting a certifier or cross-certificate from the Domino® Directory deletes it from the policy configuration and from clients.
  • Pushing a certifier or cross-certificate through policy overrides any versions that existed on clients prior to policy configuration.
  • Removing a certifier or cross-certificate from the policy configuration removes it from clients.

Perform the following steps:


  1. Create or edit a security policy settings document.
  2. Click the Keys and Certificates tab.
  3. In the Administrative trust defaults section, click Update Links, select one of the following options, and click OK:
    • To push all Notes® cross-certificates, Internet cross-certificates, and Internet certifiers in the Domino® Directory to clients, select All supported.
    • To push specific certificates, for example, specific cross-certificates only, select Selected supported and select each certificate to push.
  4. Save the modified document.