Setting Up Notes Client for SSL/TLS Mail

No Comments

Yes, Your Notes Client can Securely Transfer (SSL/TLS) email for SMTP, POP or IMAP Protocols

While I have been working with IBM/Lotus Notes for a long time, I was asked to attempt something I had never done before…set up Notes client to access other mail systems that enforce SSL/TLS.

I have set up the Notes client to use SMTP, POP3 or IMAP many times in the past. Now, most email providers, due to security concerns, require the use of an encrypted protocol to send and receive email from their servers, SSL and TLS. SSL and TLS require a signed certificate from a Trusted Certification Authority identifying the server(s). When Server A wants to send email to Server B, Server B asks Server A for its certificate, authenticating Server A. I have set up at least 200 Domino servers with SSL and TLS.

Believe me, the process to set up SSL/TLS on a Domino server can be a challenge; especially now that every Certification Authority (CA) requires the use of SHA-2 certificates. It requires keyring file, key, certificate signing request, then purchase of the certificate from a CA, and finally you have to merge all of these back into your keyring before you can set the Domino server to use them.

But when a Notes client is operating independently of a Domino server to communicate with other mail systems, it must have its own certificate. In newer Notes clients, when creating an Account Settings document, there are Connection Security options for POP and IMAP and the ability to initiate STARTTLS for sending outbound SMTP email. 

But where are the instructions for creating a keyring file and requesting a certificate for a Notes client? The instructions in the help file tell you all about the Account settings and where to set SSL, but nowhere in that document does it mention that a certificate is required before it will work. After Googling for what seemed like hours, I found this article “SSL and S/MIMI for clients” which mentions adding an internet certificate to a notes.id.file. Sure enough, that is the missing link, and adding the certificate is not all that hard to do.

You purchase a “Personal Certificate” from a CA. A personal certificate is issued as a verification of your email address. I used Comodo Personal Authentication Certificate – CPAP Basic because it was the least expensive I could find. After going through the purchase process and verifying the email address on their web site, the certificate is installed in your Firefox or IE browser (doesn’t support Microsoft Edge or Google Chrome). You export the certificate from your browser and save it as a .p12 file with a password, and then you import that into your notes.id file (File – Security – User Security) Instructions for doing the import are located in the help file.

With that in place, you can use the Notes client with your Gmail, O365, Yahoo email accounts.

*SMTP – Simple Mail Transfer Protocol
POP – Post Office Protocol
IMAP – Internet Message Access Protocol
SSL – Secure Sockets Layer
TLS – Transport Layer Security
SHA-2 – Secure Hash Algorithm 2
S/MIME – Secure/Multipurpose Internet Mail Extensions

Request a free quote

WorkFlow Studios is an IBM Premier Partner helping clients achieve excellence in three key areas: Collaboration, Business Intelligence and Process Management.

HCL Spotlight: What You Need to Know

As you may be aware, The IBM Collaboration Software sale to HCL…
Continue reading

HCL Factory Tour Day 2 & 3 Updates

Chutzpah -- that’s the single word descriptor that comes to mind when…
Continue reading

HCL Factory Tour Day 1 Highlights

Tuesday was Day 1 of the HCL Factory Tour in Chelmsford, MA. …
Continue reading

Latest HCL News from WFS

Client Advocacy Program: If you are an existing IBM Domino Customer or…
Continue reading