Lotus Notes client

Import a Digital ID and Notes ID

The process to import a digital ID is different for iNotes users and Lotus Notes desktop users. If you are using both clients, you have to repeat the process twice, or import the digital ID in the Lotus Notes client first, then import the Notes ID which now includes the Internet Certificate into iNotes.

Lotus Notes: Import the Internet Certificate

Lotus Notes stores all certificates in the Notes ID file. Since the first release of Lotus Notes, security was based on private and public key pair. While the implementation is proprietary, the Lotus Notes authentication in principle works the same way as the x.509 authentication. In Notes, we have to distinguish between the Notes certificates and the Internet certificates. To import Internet certificate (digital ID), click on > File > Security > User Security ...

Navigate to the Your Certificate, click on Get Certificates and select Import Internet Certificates... Then follow the prompts.
Then highlight the imported certificate (under Internet Certificates) and click on Advanced. Select the certificate as the default signing certificate.
Don't forget to check the Sign mail that you send in the User preferences. The default is now set that all mail is being signed.
If you send mail within your own domain (Notes to Notes mail), the message will be signed using the Notes Certificate. When you send mail outside the domain to an Internet recipient, the mail will be signed with the Internet Certificate. You don't need to worry about any of these issues, the system takes care of the details.

Lotus Notes: Receiving a signed message

When you receive a signed message, you may get a Issue Cross Certificate request. Follow the instructions below.
When you open the message, the status bar displays the details about the signature. The system will notify you if the signature is invalid.

The public key of the sender is included in the email. This key can be extracted and stored in Contacts.
With the email message open, select
>More > Add Sender To Contacts

The dialog gives you the option to correct some of the entries. Make sure the Include X.509 option is checked.

Once you have the public key of the other party, you can exchange encrypted messages. Just check the encryption flag before you hit the send button. If the public key can not be found, the system will generate an error message.

When the system encounters an error in the signature, you will get a message similar to this.
You can still open and read the message, but be aware that the validation didn't pass.
Lotus Notes: Why do I get a Issue Cross Certificate request?

This message pops-up because you did not yet accept the certificate yet. You have two options to prevent this from happening again.

Option 1: Accept and cross certify the senders email. Just click on Cross certify and it's done.

By default the 'EMAIL=...' is highlighted and you cross certify this email address ONLY. If you get an email from another person that uses the same Certificate Authority, you have to cross certify this email as well.

Option 2: If you highlight the higher level certificate 'VeriSign...', then you cross certify every email that uses this Certificate Authority. So any subsequent sender using a VeriSign certificate will be automatically cross certified.

If you have multiple computers (desktop and laptop), the cross certify request will pop-up on every system.

The Cross Certify process adds an Internet Cross Certificate into your personal address book (Contacts). The entry shows that the cross certificate is issued by you (appearing in the category with your name).

First published on September 28, 2011

Timestamp: 11/16/2019 10:38:16 PM EST [on srv7cps]
1996 - 2019 STDI Consulting Inc.
All Rights Reserved