• When you receive a digitally signed mail message, IBMR Lotus NotesR checks your Contacts for a cross certificate that indicates that the signing certificate included with the message is trusted
• NotesR checks to see if you trust certificates issued to servers when you access servers
• When you are using the Notes browser to view a secure Web page and you don't trust the Web site's certificate

You can create a cross certificate for the certificate authority (CA), which indicates trust for all people and servers who have a certificate issued by that CA, or you can create a cross certificate for the individual certificate you have encountered.

Creating a cross certificate is equivalent to marking the certificate as trusted in User Security > Identity of Others (see Certificates for people or services). You can always choose to trust certificates through User Security if you do not want to make the decision to trust a certificate at this time.

Do one of the following in the "Create Cross Certificate" dialog box:

• Click Yes to automatically cross-certify the Notes root CA of the User or server ID, for example /ACME, and put the cross certificate in your Contacts. Note that you can only access a server if that server has cross-certified you or your organization, or if the server allows anonymous access. To cross certify with the certificate for the Notes organizational unit CA instead of the certificate for the Notes root CA, click the Advanced button, and choose the organization name in the "Subject name" list, for example /ABC/ACME.When you are prompted to create an Internet cross certificate, the default is to cross certify the individual or Web site's certificate by clicking Yes. To cross certify the organizational unit CA or root CA level, you must click the Advanced button. You should think very carefully before cross certifying an Internet CA.

  Note: To avoid the possibility of cross certifying an impostor, call someone trustworthy from the named organization and find out the organization public key.

• Click No to prevent creation of a cross certificate. You then see a message offering you unauthenticated access to the server or the ability to read the signed message without verifying the signature. The warning message appears each time you connect to a server in that organization or read a signed message from a user in that organization. If you click No for a cross certificate when you have been attempting to access a secure Web page with the Notes browser, the page is not loaded and the Web page that is shown gives instructions on how to fix the problem later in User Security.

Glossary

Help on Help

All Help Contents

Glossary

Help on Help