Domino server-based certification authority
You can set up a Domino® certifier that uses the CA process server task to manage and process certificate requests. The CA process runs as a process on Domino servers that are used to issue certificates. When you set up a Notes® or Internet certifier, you link it to the CA process on the server in order to take advantage of CA process activities. Only one instance of the CA process can run on a server; however, the process can be linked to multiple certifiers.
You can set up both Notes and Internet certifiers to use the CA process. Notes certifiers are registered and then migrated to the CA process. Internet certifiers, however, are created and registered using the CA process.
Consider using the CA process because it:
- Provides a unified mechanism for issuing Notes and Internet certificates.
- Supports the registration authority (RA) role, which you use to delegate the certificate approval/denial process to lower-echelon administrators in the organization.
- Does not require access to the certifier ID and ID password. After you enable certifiers for the CA process, you can assign the registration authority role to administrators, who can then manage certificate requests without having to provide the certifier ID and password.
- Simplifies the Internet certificate request process through a Web-based certificate request database.
- Issues certificate revocation lists, which contain information about revoked Internet certificates.
- Creates and maintains the Issued Certificate List (ICL), a database that contains information about all certificates issued by the certifier, including the policy and a copy of the certifier ID file.
- Is compliant with security industry standards for Internet certificates -- for example, X.509 and PKIX.
To manage the CA process from the Domino console, you use a set of server Tell commands.