Using local X.509 certificates for authentication

Beginning in HCL Traveler for Microsoft Outlook (HTMO) 3.0.1, the HTMO client is able to authenticate with the Domino/Traveler server using certificate based authentication instead of using password based (Basic) Authentication.


  • Traveler 11.0.1
  • Root X.509 certificates configured on your Domino Traveler server
  • X.509 public/private keys generated for each user
  • User record and/or ID vault configured with X.509 certificate/public key
Note: For extensive information on configuring the Domino server to allow clients to connect using certificate based authentication, see SSL and S/MIME for clients and all related articles.

The following steps describe how to configure client for X.509 authentication:

Step one: Add Trusted Root Certificate

  1. In your browser, open Control Panel > Internet Options > Content > Certificates.
  2. Click Import to open the Certificate Import Wizard, then hit Next.
  3. Browse to select the file containing the trusted root certificate, and click Next.
  4. Browse to select the Certificate Store named Trusted Root Certification Authorities, and click Next.
  5. Verify the information and click Finish.
  6. In the Certificates window, click the Trusted Root Certification Authorities tab and verify that the certificate was added.

Step two: Install user private key into Certificate Store

  1. In your browser, open Control Panel > Internet Options > Content > Certificates.
  2. Click Import, and browse to the directory where your .p12 private key is.
  3. Enter the certificate password and click Next.
  4. Confirm connectivity with certificate by going to https://<insert your server name here>/traveler.

Step three: Setup your Outlook profile to use certificate

  1. Install Outlook 2016, 2019, or Outlook for Office365 (don't launch).
  2. Install HCL Traveler for Microsoft Outlook (HTMO) 3.0.1 or higher.
  3. Run one of the following commands:
    • Open a browser or Windows File Explorer, and enter this command in the address input area:
    • Open a Windows Command Prompt, navigate to the HTMO install location (C:\Program Files\HCL\HCL Traveler for MS Outlook) and run this command:
      htmo_tools.exe url "htmo:set_config?AllowCertAuth=1"
  4. Configure Outlook. For more information, see Adding a new Microsoft Outlook profile.
  5. During the account setup, choose the same certificate that you installed in step two.

Domino/Traveler server configuration steps

It is recommended that you configure Domino for X.509 and validate it with iNotes before you continue configuring for Outlook. For more information, see Using X.509 certificates for mail and document encryption in the Domino documentation.