Certificate authorities and the certificates they issue

You can view all of the Notes® and Internet certificate authority (CA) certificates that you trust.

Choose File > Security > User Security (Macintosh OS X users: Notes > Security > User Security), and then clicking Identity of Others > Authorities. When you trust a CA certificate, you trust all certificates that the CA issues. When you trust a certificate, it usually means you have a cross certificate for it in your Contacts.

In the "Certificates Authorities and the Certificates They Issue" dialog box, choose any of the following certificate views from the Certificates drop-down list to see CA certificates found in your Contacts or in the Domino® Directory.

Table 1. Certificate views

Types of certificate authority certificates to view

Explanation of view type

Trusted Notes®
  • Notes® certificates for an organizational unit certificate authority in the same hierarchy as your Notes® certificate authority, for example /ABC/ACME.
  • Your Notes® certificate authority certificate itself, for example /ACME.
  • Notes® certificates that you trust because you have a valid cross certificate (in some cases, you may not be storing the Notes® certificate in your Personal Address Book for which you have a valid cross certificate).

Trusted Internet

Internet certificates that you trust because you have a valid cross certificate (in some cases, you may not be storing the Internet certificate in your Personal Address Book for which you have a valid cross certificate).

All Notes®

All trusted Notes® certificates and Notes® certificates that are not trusted because there are no corresponding cross certificates.

All Internet

All trusted Internet certificates and Internet certificates that are not trusted because there are no corresponding Internet cross certificates.

Notes® Root Authorities

The root of the Notes® certificate chain. For example, /ACME is a root.

Internet Root Authorities

The root of the Internet certificate chain -- the CA for an organization. For example, O=ACME is a root.

Notes® Intermediate Authorities

Any Notes® CA that is not a root. The CA is part of a larger hierarchy. The intermediate CA's certificate is issued by a higher level CA. For example, /123/ACME is an intermediate CA certificate of the root /ACME.

Internet Intermediate Authorities

Any Internet CA that is not a root -- the CA for an organizational unit. The CA is part of a larger hierarchy. The intermediate CA's certificate is issued by a higher level CA. For example, OU=123/O=ACME is an intermediate CA certificate of the root O=ACME.

All (default)

All Notes® and Internet CA certificates.

Trust for a certificate authority

For any CA listed, you may see any of the following under the Trust column:

  • If there is a check mark in a check box next to a certificate, it means you trust the certificate. You can clear the check box to stop trusting the certificate.
  • If there is an empty check box next to the certificate you want to trust, you can click the check box to trust it.
  • If there is a check mark but no check box, then you trust the certificate because your administrator has decided the trust for you.
  • If no certificates appear, then the certificates cannot be found.

"Issued Certificates Trusted For Names"

For any CA listed, you may see any of the following under the "Issued Certificates Trusted for Names" column:

  • */ACME -- You trust any certificate that follows this naming scheme. For example, you trust /ABC/ACME because it fits the naming scheme of */ACME. Notes® certificate authorities always use this naming style when issuing certificates.
  • <all Internet names> --This appears for any trusted Internet CA. There are no expectations for how an Internet CA chooses to create names. Any name appearing in a certificate issued by the trusted Internet CA is considered to be valid.
  • <all names> -- This appears with your Notes® certificate authority certificate in your User ID. You accept everything from your own CA without question.

Advanced options and deleting certificates

For more details about individual CAs, select the CA and click the "Certificate Details" button.

For more information about the specific trust you have for individual CAs, select the CA and click the "Trust Details" button.

If you are viewing certificates for authorities, you also have the following options:

  • To delete a trusted certificate for an authority specifically listed in your Contacts, select a certificate to delete and click the Delete button. This action deletes the selected certificate and the cross certificate associated with it. You may not be able to delete a certificate if your administrator is controlling the trust.
  • Click Other Actions > Browse Authority Certificates on Server to find other certificate authorities that are in the Domino® Directory. Once you choose to do this, select the server where the Domino® Directory resides, and then select certificates of certificate authorities from the Domino® Directory. For each certificate you want to copy to your Contacts, click "Copy to your Address Book" in the "Browse Authority Certificates on Server" dialog box.
  • Click Other Actions > Download Administrative Trust Defaults from Home Server to download trust decisions found in the Domino® Directory. You can only download trust decisions made by your administrator. These trust decisions are implemented as cross certificates in your Contacts.