SECURING YOUR DATA


Accessing servers using certificates
A certificate is an electronic stamp, like a stamp on a passport, which verifies to a server that you are who you say you are. Certificates are stored in your User ID. When you first receive your User ID from your administrator, it contains a NotesR certificate. You may decide to use Internet certificates as well. (You may see Internet certificates being referred to as X.509 certificates.)

You can view all of the certificates in your User ID by choosing File > Security > User Security (Macintosh OS X users: Lotus Notes > Security > User Security), and then clicking Your Identity > Your Certificates.

What are Notes certificates?

When you want to access any IBMR LotusR DominoR server, whether it be your mail server or an HR server in your company, you need a certificate to identify yourself to that server, and the server needs a certificate to identify you.

IBM Lotus NotesR certificates in Lotus Notes Release 5 and later use hierarchical names, so the certificate authority's name is part of the certificate's name. (The certificate authority, or CA, is the entity that created your certificate and issued it to you.) For example, your certificate might look like this: Joe User/ACME, where Joe User is your name and ACME is your CA's name.

There are three types of Lotus NotesR certificates you can have in your User ID:


What are Internet certificates?

When you want to access a secure Web site that requires an SSL connection, such as www.verisign.com, where S is added before the HTTP that precedes the address, or you want to encrypt or sign mail that is sent over the Internet, you need an Internet certificate. Usually you store Internet certificates in a Web browser, such as Netscape or Internet Explorer; however, you can also store Internet certificates in your User ID to be used with the Lotus Notes browser or with Lotus Notes mail. Internet certificates often contain an e-mail address. Because Internet certificate names are lengthy, Lotus Notes displays the e-mail address in a short format as a way of showing who the certificate belongs to. If there isn't an e-mail address available, Lotus Notes displays the most significant part of the Internet certificate name. For example, you could have an Internet certificate that looks similar to this: CN=ACME Internet CA/O=ACME/S=MASS/C=US. The portion of this certificate Lotus Notes displays is "ACME Internet CA."

If you need to see the entire name associated with your personal Internet certificate, you can choose File > Security > User Security (Macintosh OS X users: Lotus Notes > Security > User Security, click Your Identity > Your Certificates, select "Your Internet Certificates" from the drop-down list, and click the "Advanced Details" button. To see details of other people's Internet certificates, see Certificates for people or services.

Your Internet certificates are identified by Lotus Notes as Internet Multi-purpose certificates. Within Lotus Notes, this type of certificate is used to access secure Web pages using the Lotus Notes browser, to send and receive secure mail using Internet-style Lotus Notes mail (S/MIME), and to secure connections to Internet services using Secure Socket layer (SSL) connections.

Note: The Internet certificate that is designated as the default signing certificate for SMIME e-mail is indicated with a check mark in the icon next to the certificate name.

Note: Unlike Lotus Notes certificates, you can use one Internet certificate to sign messages and another Internet certificate for encryption. See Using dual Internet certificates for encryption and signatures for more information.

Related topics
Renewing Notes certificates before expiration
Requesting Internet certificates
Your Notes User ID and how to store it
Certificates for people or services
Certificate authorities and the certificates they issue
Certificates in your ID file