Internet certificates for SSL and S/MIME

Before Internet and Notes® clients can use client authentication or send signed mail, they must have an Internet certificate. To send encrypted mail using S/MIME, they must have the recipient's Internet certificate.

About this task

You need to complete these steps for Internet and Notes® clients who are creating new public and private keys for the Internet certificate. You do not need to complete these steps if you are using a Notes® client and the CA issued certificates in the Person document of the Domino® Directory. Notes® automatically adds Internet certificates stored in the Person document to the Notes® ID file when the user authenticates with the server.

You can also set up Notes® clients to use different certificates for signing and encryption. You designate one Internet certificate authentication and signing, and another for encryption.

To obtain an Internet certificate for a Notes® client

About this task

The procedure that Notes® clients follow to request an Internet certificate is the same whether a Domino® CA or third-party CA issues the certificates.


  1. Have users request an Internet certificate.
  2. The CA approves the request by signing the certificate, and Domino® automatically adds the client's Internet certificate to the user's Person document.
  3. Have users merge the Internet certificate into their ID file.


For information on how Notes® users request and merge Internet certificates into their ID files, see the IBM® Notes® 9.0.1 Social Edition Help.

You can also issue Internet certificates for Notes® clients in Person documents so that users aren't required to submit Internet certificate requests .

To obtain an Internet certificate for an Internet client from a Domino® CA


  1. If you are using a Domino® server-based certification authority, browse to the Certificate Request application. If you are using a Domino® 5 certificate authority, browse to the Domino® Certificate Authority application.
    Note: If you use Microsoft Internet Explorer, use HTTP without SSL to connect to the Certificate Authority application. Internet Explorer does not allow you to accept site certificates into your browser.
  2. Click Request Client Certificate.
  3. Enter your name and organizational information. This information will appear on your Internet certificate.
  4. Enter any additional contact information that you want to send to the CA.
  5. Enter the size for the public and private keys. The larger the number, the stronger the encryption.
  6. Click Submit Certificate Request to send the request to the CA.

To obtain an Internet certificate for an Internet client from a Third-party CA

About this task

The third-party CA determines how you request an Internet certificate. Browse to the third-party CA's site, and enter the certificate request. A dialog box appears that allows you to request the certificate.