Sending and receiving Notes® certificates to establish trust

Trust is established for a certificate through a cross certificate. You may need to send someone your HCL Notes® certificate so that person can create a cross certificate for it. You in turn may receive a Notes® certificate that you need to cross-certify with. You can also create a cross certificate for a certificate in the HCL Domino® Directory.

About this task

Note: If you are not a Notes® mail user, you need to copy your certificate to removable media so you can deliver it to the person requesting it.

To send someone your certificate

About this task

When you send someone your certificate, you are actually sending a safe copy of your User ID. A safe copy of your User ID contains enough information for someone to create a cross certificate with, but not enough for a malicious user to make use of it.

Note: If you are using a flat certificate, you cannot respond to a cross certificate request.

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click Your Identity > Your Certificates.
  3. Click Other Actions > Respond to Cross Certificate Request on the right side of the dialog box.
  4. Select the file name of the User ID that has the certificate you need to send, and then click Open.
  5. Enter the name of the person you are sending your User ID to in the To field (click Address to choose from your Contacts).
  6. Click Send.
  7. When the person receives your User ID in the email you sent, that person can cross-certify with your certificate and then send you encrypted mail.

To create a cross certificate from a certificate sent to you

Procedure

  1. Contact the person you need the certificate from, and ask them to respond to your cross certification request.
  2. Open the email that contains the User ID you need to cross-certify with.
  3. Click Actions > Cross Certify Attached ID file.
  4. In the Certifier password prompt, enter the password for the User ID shown. By default, your hierarchical User ID is listed in the password prompt, so you should enter your Notes® password.
  5. Leave the defaults for Certifier and Server in the "Issue Cross Certificate" dialog box. The certifier should be yourself, and the server should be local, which puts the cross certificate in your Contacts.
  6. In the "Subject name" list, select one of the following to create the cross certificate for:
    • The certificate's root, for example /ACME, which trusts any certificate issued by that root.
    • The certificate's organization, for example /ABC/ACME, which trusts any certificate issued by that organization only.
  7. Click "Cross Certify."

To create a cross certificate from a person record in the Domino® Directory

About this task

There may be someone from another organization who has a person record in the Domino® Directory. If you want to create a cross certificate for that person to access a particular server in your organization, you can create a cross certificate for him or her. That person needs to give you a certificate to cross-certify. You can do this only if you have Author access to that person's person record in the Domino® Directory.

Procedure

  1. In the Domino® Directory, open the person record of the person whom you are cross certifying.
  2. Click Actions > Create Cross Certificate.
  3. Select the certificate to be cross-certified.
  4. Leave the defaults for Certifier and Server in the "Issue Cross Certificate" dialog box. The certifier should be yourself, and the server should be local, which puts the cross certificate in your Contacts.
  5. In the "Subject name" list, select one of the following to create the cross certificate for:
    • The certificate's root, for example /ACME, which trusts any certificate issued by that root.
    • The certificate's organization, for example /ABC/ACME, which trusts any certificate issued by that organization only.
  6. Click "Cross Certify."
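As an added illustration (not HCL's own code) of the two "Subject name" choices in the procedures above, the following Python checks which hierarchical Notes names a cross certificate issued for a root such as /ACME or an organization such as /ABC/ACME would trust. The sample names and the case-insensitive, per-component matching are assumptions constructed here.

```python
# Added example, not part of HCL's documentation or product code.
# Notes hierarchical names are written least-significant-first, e.g.
# "Jane Doe/ABC/ACME" (canonical form "CN=Jane Doe/OU=ABC/O=ACME").
# A cross certificate for /ACME trusts every name whose trailing
# components are /ACME; one for /ABC/ACME trusts only names ending in
# /ABC/ACME. Assumption: comparison is per component and case-insensitive.

def _components(name: str) -> list[str]:
    """Split an abbreviated or canonical hierarchical name into its
    components (CN first, organization last), dropping "CN="/"OU="/"O="
    type prefixes, surrounding slashes and case."""
    parts = []
    for raw in name.strip("/").split("/"):
        raw = raw.strip()
        if not raw:
            continue
        parts.append(raw.split("=", 1)[-1].strip().lower())
    return parts


def is_trusted_by_cross_cert(subject_scope: str, name: str) -> bool:
    """True if `name` lies below the hierarchy named by `subject_scope`.

    The scope itself (e.g. "/ACME") is not a person, so a name must have at
    least one component (the common name) below the scope to qualify; a
    partial component match such as /MEGACME against /ACME never counts."""
    scope = _components(subject_scope)
    parts = _components(name)
    if not scope or len(parts) <= len(scope):
        return False
    return parts[-len(scope):] == scope


def trusted_names(subject_scope: str, candidates: list[str]) -> list[str]:
    """Filter a list of names down to those the cross certificate trusts."""
    return [n for n in candidates if is_trusted_by_cross_cert(subject_scope, n)]


# Constructed sample names for the two scopes used in the procedures above.
SAMPLE_USERS = [
    "Jane Doe/ABC/ACME",       # under OU=ABC/O=ACME
    "CN=Raj Patel/OU=XYZ/O=ACME",  # canonical form, different OU
    "Ann Lee/ACME",            # directly under O=ACME
    "Bob Ray/MEGACME",         # different organization with a similar suffix
    "Eve Chan/ACME/OTHER",     # ACME is only an OU here, root is OTHER
]
```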


To give someone your certificate using removable media

About this task

When you give someone your certificate using removable media, you need to create a safe copy of your User ID and put it on the removable media that you deliver. A safe copy of your User ID contains enough information for someone to create a cross certificate with, but not enough for a malicious user to make use of it.

Procedure

  1. Insert removable media into your workstation.
  2. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  3. Click Your Identity > Your Certificates.
  4. Click Other Actions > Export Notes ID (Safe Copy) on the right side of the dialog box.
  5. Change the directory to the removable media drive.
  6. Enter a file name for the safe copy of your User ID in the "File Name" field (Macintosh users: Save As field). The default is SAFE.ID.
  7. Click Save, and then deliver the removable media to the person who requested it.
  8. When the person receives your User ID, that person needs to import the certificate into their own User ID. After doing so, they can cross-certify with your certificate and then send you encrypted mail.
