Importing and cross-certifying the IdP Internet certificate

When SSL is used between an IdP and Domino, import the IdP SSL certificate into the Domino directory and cross-certify it.


  1. Connect to the IdP using the Firefox browser.
  2. Click the certificates lock icon in the address bar and view the certificates.
  3. Click the Details tab and select the Certificates KeyUsage field.
  4. Verify that the Certificates KeyUsage field contains values for Certificate Signer and CRL Signer.
  5. If the Certificates KeyUsage field does not include these values, select the certificate one level up in the certificate hierarchy and confirm that you see the values.
  6. Export the selected certificate and save it as an X.509 Certificate with chain (PEM) .crt file.
  7. Import the certificate into the Domino directory used by the ID vault and web servers and then cross-certify it:
    1. Open the directory in Domino Administrator.
    2. Select People & Groups > Certificates > .
    3. Select Actions > Import Internet certificate.
    4. Open the certificate in the Certificates view.
    5. Select Actions > Create cross certificate.
    6. Cross-certify the certificate with the certificate of the server ID file.
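
The key usage check in steps 3 to 5 can be repeated on the exported .crt file before it is imported. The script below is an added example, not part of the original documentation. It assumes the `openssl` command-line tool is installed, and the function names and sample certificates are constructed for illustration. OpenSSL labels the two values "Certificate Sign" and "CRL Sign"; the sample certificates are independently self-signed because only the KeyUsage field is examined.

```bash
# Added example: find which certificates in an exported PEM chain carry the
# Certificate Signer and CRL Signer key usages (steps 3-5 of the procedure).

# Print the 1-based positions (first certificate in the file = 1) of the
# certificates in chain file $1 whose KeyUsage lists both values.
signer_positions() {
  local chain="$1" dir i=0 usage hits=""
  dir=$(mktemp -d) || return 1
  # Split the bundle into one file per certificate.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/" n ".pem") }' "$chain"
  while [ -f "$dir/$((i + 1)).pem" ]; do
    i=$((i + 1))
    # The usage names are on the line after the "X509v3 Key Usage" header.
    usage=$(openssl x509 -in "$dir/$i.pem" -noout -text 2>/dev/null |
            awk '/X509v3 Key Usage/ { getline; print; exit }' || true)
    # OpenSSL prints usages in a fixed order: Certificate Sign, then CRL Sign.
    case $usage in
      *"Certificate Sign"*"CRL Sign"*) hits="$hits $i" ;;
    esac
  done
  rm -rf "$dir"
  echo $hits   # unquoted on purpose: trims the leading space
}

# Constructed sample data: print a throwaway self-signed certificate (PEM)
# with subject CN $1 and keyUsage value $2.
make_sample_cert() {
  local dir; dir=$(mktemp -d) || return 1
  printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
    'x509_extensions = ext' '[dn]' "CN = $1" '[ext]' "keyUsage = $2" > "$dir/c.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/c.cnf" \
    -keyout "$dir/k.pem" -out "$dir/c.pem" 2>/dev/null
  cat "$dir/c.pem"
  rm -rf "$dir"
}

# Constructed bundle in export order: server certificate first, CA second.
build_demo_chain() {
  { make_sample_cert 'idp.example.test' 'digitalSignature, keyEncipherment'
    make_sample_cert 'Constructed Test CA' 'critical, keyCertSign, cRLSign'
  } > "$1"
}

chain=$(mktemp)
build_demo_chain "$chain"
echo "Signer certificate position(s): $(signer_positions "$chain")"
rm -f "$chain"
```

To check a real export, call `signer_positions` with the path of the saved .crt file; an empty result means no certificate in the file has both key usages.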