Securing your POP3, IMAP, or LDAP accounts

HCL Notes® supports Secure Sockets Layer (TLS), which makes communication secure for your POP3, IMAP, or LDAP accounts. TLS encrypts the data that is sent between your Notes® client and the server you specify for your account. Notes® supports TLS versions 2.0 and 3.0. By default, Notes® negotiates the best TLS version to use with a particular server.

Note: Setting up a secure TLS connection in for POP3, IMAP, or LDAP doesn't necessarily mean that the server you are trying to access is running TLS.

To enable TLS for a particular account

  1. Open your Contacts.
  2. From the menu choose View > Advanced > Accounts.
  3. Click Actions > New > Account, or select an existing account and choose Actions > Edit.
  4. If you are creating a new account, see Creating or editing Internet mail accounts manually for information on creating an account.
  5. Click the Basics tab, and select Enabled in the TLS field.
  6. If you plan to access a site that you do not already trust, you must request an Internet cross certificate for that site. You do not have trust established if you receive security warnings when you try to access the site, or if you cannot access the site at all. Notes® comes with many Internet cross certificates that trust common certifiers, so it is likely that you do not need an Internet cross certificate.
  7. (Optional) Change any of the following TLS settings for any account, found by clicking the Advanced tab:
    • Accept TLS site certificates -- select Yes to automatically accept certificates from unknown servers. Accepting certificates from unknown servers could be a security risk.
    • Accept expired TLS certificates -- select Yes to accept remote certificates on the server that have expired.
    • Send TLS certificates when asked (outbound connections only) -- select Yes to send your Internet certificates to the server you are connecting to if the server needs them. The server may need your certificate if you are using it for X.509 authentication or for possible mail encryption.
    • Verify account server name with remote server's certificates -- Select Enabled if you want Notes® to check that the server name you have entered in this account document matches the server name you connect to.
    • TLS protocol version -- Select Negotiated to have Notes® determine the TLS protocol needed to make the connection to the server you are accessing. Otherwise, select the specific protocol required from the server.
  8. Click Save and Close.