Issuing Internet certificates in a Person document

If you need to issue Internet certificates for Notes® clients and you do not want to require each user to submit an Internet certificate request and merge the certificate into the ID file, you can issue the Internet certificate using the existing public and private keys in the Notes® ID file and add it to the user's Person document. Using the Domino® Directory to issue Internet certificates simplifies the process of distributing Internet certificates to users.

About this task

The server on which you issue Internet certificates must be set up for the Administration Process, and the users must have an Internet address specified in their Person documents. In addition, the Internet certificates that you add must be created using a Domino® certifier.

To issue an Internet certificate in a Person document

Procedure

  1. From the Domino® Administrator, click People & Groups.
  2. Select the names of the users who need Internet certificates.
  3. Choose Actions > Add Internet Cert to Selected People.
  4. Make sure that the dialog box title displays the name of the correct registration server. If it does not, click Server to choose another server.
  5. Choose whether to supply the certifier key ring file and password, or to use the CA process.
    • If you choose to supply the certifier key ring file and password, select the CA's key ring file, and when prompted, enter the password.
    • If you choose to use the CA process, choose a certifier from the drop-down list.
  6. In the Add Internet Certificates to Selected Entries dialog box, confirm that the expiration date is valid. If not, enter the correct date.
  7. Click Certify.
  8. The certifier processes the request.

Results

If you chose to provide a certifier ID, Domino® creates a certificate for each selected user and stores it in an Add Internet Certificate to Person Record request in the Administration Request database.

If you chose to use the CA process, a certificate request is created in the Administration Request database for each selected user. When the CA processes the request, it creates the Add Internet Certificate to Person Record request.

  1. When the Administration Request database replicates with the Domino® Directory's administration server, the Administration Process places the certificate in the user's Person document.
  2. After the Domino® Directory replicates with the user's mail server and the user subsequently accesses the mail server, Notes® recognizes there is a certificate in the Domino® Directory that is not in the user's ID file. Notes® automatically places the Internet certificate in the user's ID file.