SECURING
About this task
You need to complete these steps for Internet and Notes clients who are creating new public and private keys for the Internet certificate. You do not need to complete these steps if you are using a Notes client and the CA issued certificates in the Person document of the Domino® Directory. Notes automatically adds Internet certificates stored in the Person document to the Notes ID file when the user authenticates with the server.
You can also set up Notes clients to use different certificates for signing and encryption. You designate one Internet certificate authentication and signing, and another for encryption.
To obtain an Internet certificate for a Notes client
The procedure that Notes clients follow to request an Internet certificate is the same whether a Domino CA or third-party CA issues the certificates.
Procedure
1. Have users request an Internet certificate.
2. The CA approves the request by signing the certificate, and Domino automatically adds the client's Internet certificate to the user's Person document.
3. Have users merge the Internet certificate into their ID file.
Results
For information on how Notes users request and merge Internet certificates into their ID files, see the IBM® Notes 9.0.1 Social Edition Help.
You can also issue Internet certificates for Notes clients in Person documents so that users aren't required to submit Internet certificate requests .
To obtain an Internet certificate for an Internet client from a Domino CA
1. If you are using a Domino server-based certification authority, browse to the Certificate Request application. If you are using a Domino 5 certificate authority, browse to the Domino Certificate Authority application.
3. Enter your name and organizational information. This information will appear on your Internet certificate.
4. Enter any additional contact information that you want to send to the CA.
5. Enter the size for the public and private keys. The larger the number, the stronger the encryption.
6. Click Submit Certificate Request to send the request to the CA.
To obtain an Internet certificate for an Internet client from a Third-party CA
The third-party CA determines how you request an Internet certificate. Browse to the third-party CA's site, and enter the certificate request. A dialog box appears that allows you to request the certificate.
Related concepts Dual Internet certificates for S/MIME encryption and signatures
Related tasks Signing an Internet client certificate and adding the certificate to the Domino Directory Issuing Internet certificates in a Person document Setting up Notes and Internet clients for SSL client authentication Creating Internet certificates for Notes S/MIME clients