Creating an Internet cross-certificate in the Domino Directory from a certifier document

You can create a cross-certificate in the IBM® Domino® Directory for an Internet certificate. After completing this step, you can push the cross-certificate to IBM® Notes® clients to establish trust of the certifier on the clients.


  1. From the Domino Administrator, click the People & Groups tab and the Certificates view.
  2. Open the document for the Internet or Notes certifier that you want to cross-certify.
  3. Click Actions > Create Cross Certificate.
  4. Select the certifier to cross-certify and click OK.
  5. In the Issue Cross Certificate dialog box click Certifier. (Do not click Cross certify yet.)
  6. Use the Choose a Certifier dialog box to select a server in the Domino domain and a certifier to issue the cross-certificate:
    1. Use the default server or click Server to specify a server.
      • If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors.
      • If you are using the Domino® server-based CA, select the server that is used to access the Domino® Directory to look up the list of certifiers.
        Note: This is also the server on which CERTLOG.NSF is updated.

      Then select one of these options:

    2. Supply a certifier ID and password.
      • Click Certifier ID if you want to use an ID other that which is displayed.
      • Otherwise, click OK, enter the password for the selected certifier ID, and click OK.
    3. Use the CA Process. If you have configured the Domino® server-based CA, select a CA configured certifier from the list and click OK.
  7. In the Issue Cross Certificate box, click Cross certify.
  8. Click View > Refresh and verify that the Domino certifier issued the cross-certificate.

What to do next

Supply the cross-certificate to Notes clients through install media or Security policy settings.