Adding a Notes® cross-certificate for IDs by postal service

Organizations that cannot communicate through IBM® Notes® mail can use these steps to add a Notes® cross-certificate for user, server, and certifier IDs. For cross-certification to work, these steps must be carried out twice, with each organization alternately requesting cross-certification. You cannot use these procedures to create an Internet cross-certificate.

To create a safe copy of an ID

About this task

Use these steps to create a safe copy of the user, server, or certifier ID that you want to cross-certify.

Procedure

  1. From the IBM® Domino® Administrator, click the Configuration tab.
  2. Choose Certification and then choose ID Properties.
  3. Select the user, server, or certifier ID file, and then click Open.
  4. Type the password (if required). The ID Properties dialog box appears.
  5. Click Your Identity > Your Certificates > Other Actions, and then select Export Notes ID (Safe Copy).
  6. Enter a path and name for the safe copy, and then click OK. The default name is SAFE.ID.
  7. Copy the file to a disk.
  8. Use the postal service to send the disk to the certification administrator at the other organization.

To add a cross-certificate for the safe copy

About this task

Use these steps to add the cross-certificate to the Domino® Directory.

Procedure

  1. From the Domino® Administrator, click the Configuration tab.
  2. Click Certification, and then click Cross Certify.
  3. Select whether to use a CA-enabled certifier or use the certifier ID, and click OK.
  4. If you chose to use the certifier ID, enter the password for the ID, and click OK.
  5. Select the safe copy of the ID to be cross-certified, and then click OK.
  6. Complete one or more of these fields:
    Table 1. Cross-certification Fields

    Field

    Enter

    Certifier

    Name of your organization's certifier ID.

    Server

    Location of the Domino® Directory where you want to copy the cross-certificate.

    Subject name

    Organization or organizational unit certifier to be cross-certified, for example, /Renovations

    Subject alternate name list

    An alternate name for the subject of the certificate. Alternate names allow you to assign names that are recognizable in a user's native language to an ID.

    Expiration date

    Date when the cross-certificate expires.

  7. Click Cross Certify. Domino® places the cross-certificate in the Server > Certificates view of the Domino® Directory of the server you specified in Step 6.