Adding a Notes® cross-certificate for IDs by Notes® mail

If you can route mail to the organization that will cross-certify a user, server, or certifier ID, you can use IBM® Notes® mail to add a Notes® cross-certificate. For cross-certification to work, these steps must be carried out twice, with each organization alternately requesting cross-certification. You cannot use these procedures to create an Internet cross-certificate.

To send an ID for cross-certification

Procedure

  1. Choose File > Security > User Security, select the ID, and enter the password.
  2. Click Your Identity > Your Certificates, and then click Other Actions. Select Mail, Copy Certificate (Public Key).
  3. Select the user, server, or certifier ID you want to have cross-certified, and then click OK.
  4. Enter the password (if required).
  5. Address the cross-certification request to the certification administrator at the other organization, and then click Send.

To cross-certify the ID

Procedure

  1. Open the cross-certification request in your mail file.
  2. Choose Actions > Cross Certify Attached ID File.
  3. Select the certifier that will issue the cross-certificate. If you choose a non-CA enabled certifier, enter the password for that certifier ID, and then click OK.
  4. Complete one or more of these fields:
    Table 1. Cross-certification Fields

    Field

    Enter

    Subject name

    Organization or organizational unit certifier to be cross-certified, for example, /Renovations.

    Subject alternate name list

    An alternate name for the subject of the certificate. Alternate names allow you to assign names that are recognizable in a user's native language to an ID file.

    Expiration date

    Date when the cross-certificate expires.

    Certifier

    File name of your organization's certifier ID.

    Server

    Location of the IBM® Domino® Directory where you want to copy the cross-certificate.

  5. Click Cross Certify. Domino® places the cross-certificate in the Server > Certificates view of the Domino® Directory of the server you specified in Step 5.