Dear all,
I checked out the Domino PKI and related S/MIME mail exchange functionalities
using Notes/Domino 6.0. Here are some questions:
- Issuing an internet certificate to Notes registered user can be done by the
administrator by selecting the users and using Actions - Add internet cert to
selected people. It is said in the documentation that a public key already
stored in the Notes ID are used for certification. Does anybody know what
kind of key this is ? I assume it can´t be one of the Notes keys, as the key
used for internet certification is 1024 bit long while Notes keys are shorter (630 bit).
Also, when I update the Notes keys and re-issue a new internet certificate
afterwards the public key used for certification remains the same as before.
- In the “Issued Certification Lists” I can view the used default profiles for
internet certificates (under “Configurations”). How can I modify these profiles,
such that I can add further extensions to internet certificates ?
- S/MIME tests indicate that the Notes Clients 6 ignore the CRLs issued by
the internet certifier, i.e., they neither use LDAP to get the revocation list nor
an internal mechanism. Is that correct or how can I configure the Notes Client
to enable this feature ?
- How can I convince the Notes Directory to accept “Write access” via LDAP ?
I enabled the “Allow LDAP users write access” feature in the LDAP settings and
ensured that the administrator has “Manager” privileges in the Directory ACL.
However, write operations still fail with “Insufficient access rights”.
Thanks a lot for your help in advance,
Markus Michel