Certificates for people or services

You can view all of the HCL Notes® and Internet certificates that you trust and don't trust for specific people or services.

Choose File > Security > User Security (Macintosh OS X users: Notes > Security > User Security), and then clicking Identity of Others > People, Services. When you trust a certificate, it usually means you have a cross certificate for it in your Contacts.

See Finding Notes® and Internet certificates you trust for information about how to find out what trust decisions you have listed in your Contacts.

In the Identity of People and Services dialog box, choose any of the following certificate views from the Certificates drop-down list. If Research name in directory and in your address book is selected at the top of the dialog box, you are viewing certificates found in your Contacts or the HCL Domino® Directory. If Show all in your address book is selected at the top of the dialog box, you are viewing certificates only found in your Contacts.

Table 1. Certificate views

Types of certificates to view

Explanation of view type

All (default)

All Notes® and Internet certificates.

Trusted Notes®

  • Notes® certificates issued by your Notes® certificate authority, which you automatically trust.
  • Notes® certificates that you trust because you have a valid cross certificate (in some cases, you may not be storing the Notes® certificate in your Personal Address Book for which you have a valid cross certificate).
  • Notes® flat certificates that you trust because they are issued by a trusted flat certificate authority. This applies only if you have your own flat certificate in your User ID.

Trusted Internet

Internet certificates that you trust because you have a valid cross certificate (in some cases, you may not be storing the Internet certificate in your Personal Address Book for which you have a valid cross certificate).

All Notes®

All trusted Notes® certificates and Notes® certificates that are not trusted because there are no corresponding cross certificates.

All Internet

All trusted Internet certificates and Internet certificates that are not trusted because there are no corresponding Internet cross certificates.

Trust for a certificate

For any certificate listed, you may see any of the following under the Trust column:

  • If there is a check mark in a check box next to a certificate, it means you trust the certificate. You can uncheck the check box to stop trusting the certificate.
  • If there is an empty check box next to the certificate you want to trust, you can click the check box to trust it.
  • If there is a check mark but no check box, then you trust the certificate because your administrator has decided the trust for you.
  • If no certificates appear, then the certificates cannot be found.
Note: You can set trust for an untrusted certificate. You have the option to trust only the certificate of the person or service, or to trust the certificate authority (CA) certificate. The option to trust a CA certificate is only offered if Notes® can find the CA certificate. Sometimes a certificate is listed as trusted because you already trust the CA that issued the certificate. You can find out specific cross certificate information about a certificate by selecting the certificate and clicking the Trust Details button. To learn more about trusting CA certificates, see Certificate authorities and the certificates they issue.

Limitations for a certificate

For any certificate listed, you may see any of the following under the Limitations column:

  • Mail encryption not found -- the person can be identified because a cross certificate was found, but Notes® cannot find the certificate needed to encrypt mail or other data.
  • Usable for signing only (no encryption) -- the Internet certificate is only configured for signing, not encryption. You cannot use this certificate to send a person encrypted mail or other encrypted data.
  • Usable for encryption only (no signing) -- the Internet certificate is only configured for encryption, not signing. You can use this certificate to send a person encrypted mail or other encrypted data.
  • May not pass verification tests -- Notes® could not verify the certificate or certificate chain. This may indicate that there is a problem with the certificate, or a problem with the CA certificates that accompany the certificate. You cannot use this certificate to send a person encrypted mail or other encrypted data.

Advanced options and deleting certificates

For more details about individual certificates, select the certificate and click the Certificate Details button.

For more information about the specific trust you have for individual certificates, select the certificate and click the Trust Details button.

To delete trusted certificates for people and services specifically listed in your Contacts, open your Contacts, click Advanced > Certificates, select a certificate to delete and click the Delete Certifier action button in the action bar. This action deletes the selected certificate and the cross certificate associated with it. If the cross certificate is trusting a certificate authority (CA), you are deleting your trust to that certificate authority as well. You may not be able to delete a certificate if your administrator is controlling the trust.