Setting up Notes® and Internet clients for TLS authentication

You can set up Notes® or other Internet clients for server authentication to encrypt data and authenticate the server identity when connecting to an Internet server. You do not need an Internet certificate if you set up a client for server-only authentication.

On the server, TLS is set up on a protocol-by-protocol basis. You can choose to enable TLS on all protocols, or enable TLS on some protocols but not others. For example, you can enable TLS on mail protocols (IMAP, POP3, SMTP) and disable it for HTTP. You must also enable the port for anonymous access; otherwise, Domino® requires an Internet certificate or a name and password from the client.

To access an Internet server using TLS, clients must have:

  • Software, such as a Web browser or a Notes® client, that supports TLS.
  • A trusted root certificate from a Domino® or third-party certifier.
  • (Notes® client only) A cross-certificate created using the trusted root certificate for the Domino® or third-party certifier. The trusted root certificate is no longer necessary after you create a cross-certificate.
Note: Secure transactions are indicated by the use of the term https:// in URLs for TLS-secured sites. A browser user can specify this when initiating a secure transaction. More likely, the user will navigate to a login page, where it is necessary to log in with a name and password in order to access the secure Web page.