Importing and exporting Internet certificates for use between browsers

When you receive new Internet certificates, you can only use them in the browser with which you requested them. However, you can export Internet certificates from a browser and then import them into your User ID so you can use them with the HCL Notes® browser and Internet-style mail (S/MIME). In the same respect, you can export Internet certificates from your User ID so you can use them with a browser other than Notes®. You can also import and export Internet certificates for use between other Internet applications, such as Microsoft® Outlook.

Results

To import an Internet certificate into your User ID

About this task

If you have an Internet certificate that you have stored in a browser, such as Netscape, and you want to use that certificate in the Notes® browser, you need to import the Internet certificate into your User ID.

You cannot import invalid Internet certificates or incomplete certificate chains.

Procedure

  1. Export the Internet certificate from the browser it is stored in, and save it to a directory that you can pick it up from later. If you have the ability to choose the export format, you should choose PKCS #12 format, which includes your Internet private key and any supporting Internet certificates in the certificate chain if available. You will not succeed at importing certificates into your User ID if the export does not include your Internet private key.
  2. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  3. Click Your Identity > Your Certificates.
  4. Click Get Certificates > Import Internet Certificates on the right side of the dialog box.
  5. Select the file containing the Internet certificate that you just exported from the browser in the "Specify File Containing the Internet Certificates" dialog box, and then click Open.
  6. If prompted, select the format of the Internet certificate you are importing, and then click Continue. By default, Notes® should select the correct format for you.
  7. If there is a password you set for the file, enter the password.
  8. To accept the import, click the "Accept All" button in the "Import Internet Certificates" dialog box.
  9. Check that your Internet certificates were imported into your User ID by choosing File > Security > User Security (Macintosh OS X users: Notes > Security > User Security), click Your Identity > Your Certificates, and then select "Your Internet Certificates" from the drop-down list.
  10. (Recommended) Make a backup copy of your User ID after you successfully import an Internet certificate.

Results

Note: Once you import the Internet certificate into your User ID, you may need to create a cross certificate if you do not already trust the Internet certificate.

To export an Internet certificate from your User ID

About this task

If you want to use an Internet certificate with another browser, such as Netscape, and you already have that certificate stored in your User ID to use with the Notes® browser, you need to export the certificate from your User ID. The Internet certificate you are exporting is a saved copy.

You can export only one Internet certificate at a time. The selected Internet certificate is exported along with its certificate chain.

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click Your Identity > Your Certificates.
  3. Select the Internet certificate you want to export by selecting "Your Internet Certificates" from the drop-down list.
  4. Click Other Actions > Export Certificate on the right side of the dialog box.
  5. Select the format of the certificate to export, and then click Continue. PKCS 12 is the default and is usually compatible with most browsers.
  6. If you chose PKCS 12, in the "Export Options" dialog box, customize the "friendly name" in the "Suggested Friendly Name" field. Friendly names allow you to distinguish this certificate from others you may have stored in the browser. The browser identifies the certificate with the friendly name that you supply.
  7. If you chose PKCS 12, in the "Export Options" dialog box, select "Export private key corresponding to this certificate" if you would like to export the Internet private key along with the Internet certificate, and then click Continue. If you don't export the private key, then you cannot use your Internet certificate for many security functions.
    Note: If you're exporting from User Security, and you can't export your private key even though PKCS#12 export usually allows it, it is likely that your private key is stored on a Smartcard and it can't be retrieved for export.
  8. If you chose PKCS 12, in the "Password for Export File Containing Internet Certificates" dialog box, enter a password for the export file, and confirm the password, then click Continue. Click "No Password" if you do not want to specify a password for the export file.
  9. Specify a directory and name for the export file in the "Specify Export File for the Internet Certificates" dialog box, and then click Save.