Requesting Internet certificates

You can request an Internet certificate from IBM® Domino® through your Domino administrator, or you can request an Internet certificate from another vendor. Regardless of where you request the Internet certificate from, you need to use the IBM Notes® browser to request it, so you can use the Internet certificate with Notes. Internet certificates can be used to sign and encrypt mail messages and make secure connections over the Internet.

About this task

If you receive an Internet certificate using another browser, such as Netscape, you need to export the Internet certificate from the browser and then import the Internet certificate into Notes.

When Internet certificates are about to expire, you need to renew them by the same path you took to request them originally. The last Internet certificate you add to your User ID becomes your default signing certificate.

Once you receive Internet certificates, you should create a backup of your User ID.

To request an Internet certificate from Domino through your administrator

Procedure

  1. Contact your administrator, letting him or her know that you want to request an Internet certificate. One of the following will happen:
    • Your administrator puts in the request for an Internet certificate for you. Once he or she receives and posts the certificate, you need to access your home server, and Notes automatically merges the Internet certificate into your User ID.
    • Your administrator refers you to a Web address, so you can request the Internet Certificate yourself. Using the Notes browser, open the URL your administrator sends you, and follow the rest of this procedure.
  2. If the URL that your administrator sends you is for a Domino Certificate Authority, click "Accept This Authority In Your Browser" before requesting a client certificate.
  3. Click the "Install Certificate" button when it appears. When prompted to install the Internet certificate authority certificate, click Yes.
  4. When the "Issue Cross Certificate" dialog box appears, click "Cross Certify." Click OK when the success message appears. This adds the Domino certificate authority certificate and an Internet cross certificate to your Contacts.
  5. Return to the original URL your administrator gave you and request a client certificate according to the instructions on the form for client certificate requests.
  6. When you receive an email from your administrator, it will include a unique identification number which you will need to pick up your Internet certificate. Please be sure to save the identification number.
  7. Using the Notes browser, follow the instructions that came with the email from your administrator to pick up the client certificate. You need to use the identification number which was sent to you to pick up your Internet certificate.

Results

Once you install the Internet certificate, it is placed in your User ID.

Note: If you want to use your Internet certificate at another workstation, you should take a copy of your User ID to the other computer.

To request an Internet certificate from another vendor

About this task

When you use User Security to request a new Internet certificate, your location configuration is changed as needed (usually to configure the Notes browser). It is important not to change your location configuration until you're done installing the new certificate. When your new certificate is completely installed, you'll automatically be prompted to revisit your location configuration if it was changed by User Security.

Procedure

  1. Click File > Security > User Security (Macintosh OS X users: Notes > Security > User Security).
  2. Click Your Identity > Your Certificates.
  3. Click Get Certificates > Request New Internet Certificate on the right side of the dialog box.
  4. Enter the entire URL of the certificate authority (CA) you want to request an Internet certificate from in the URL field. By default, Notes offers a few different URLs that you can use to request Internet certificates.
  5. Optional: Select "Avoid trust decisions by accepting all website certificates (reduces security)." If you do not select this option, you may get prompted to create cross certificates for Web server certificates you do not trust.
  6. Click the "Launch web page" button.
  7. Request a client certificate according to the website's instructions.
  8. If your Contacts does not have an Internet cross certificate for the CA you are requesting a certificate from, you may get a error saying "The Internet service certificate is not trusted. Do you want to take corrective action now (i.e. retrieve service certificate and decide whether to trust it)?" Click Yes, then click the Connect button when prompted. Click "Cross Certify" when prompted, then click OK when you see a message confirming that you have resolved trust errors. This will create an Internet cross certificate in your Contacts. Reload the Web page and continue with the rest of the vendor's instructions.
  9. When you receive an email from the vendor, it will include a unique identification number which you will need to pick up your Internet certificate. Please be sure to save the identification number.
  10. Using the Notes browser follow the instructions that came in the email from the vendor to pick up the client certificate. You need to use the identification number sent to you to pick up your Internet certificate.

Results

Once you install the Internet certificate, it is placed in your User ID.

Note: If you want to use your Internet certificate at another workstation, you should take a copy of your User ID to the other computer.
Related concepts:
Accessing servers using certificates
Related tasks:
Importing and exporting Internet certificates for use between browsers
Using dual Internet certificates for encryption and signatures
Retrieving certificates and cross certificates from your home server
Renewing Notes certificates before expiration
To retrieve an Internet cross certificate
Enabling Smartcards for Notes login