Yes, Your Notes Client can Securely Transfer (SSL/TLS) email for SMTP, POP or IMAP Protocols

While I have been working with IBM/Lotus Notes for a long
time, I was asked to attempt something I had never done before…set up the Notes client
to access other mail systems that enforce SSL/TLS.

I have set up the Notes client to use SMTP, POP3 or IMAP
many times in the past. Now, most email providers, due to security concerns,
require the use of an encrypted protocol, SSL or TLS, to send and receive email
from their servers. SSL and TLS require a signed certificate from a Trusted
Certification Authority identifying the server(s). When Server A wants to send
email to Server B, Server B asks Server A for its certificate, authenticating Server
A. I have set up at least 200 Domino servers with SSL and TLS.

Believe me, the process to set up SSL/TLS on a Domino server
can be a challenge, especially now that every Certification Authority (CA)
requires the use of SHA-2 certificates. It requires a keyring file, a key, and a
certificate signing request, then the purchase of the certificate from a CA, and
finally you have to merge all of these back into your keyring before you can
set the Domino server to use them.

But when a Notes client is operating independently of a
Domino server to communicate with other mail systems, it must have its own
certificate. In newer Notes clients, when creating an Account Settings
document, there are Connection Security options for POP and IMAP and the
ability to initiate STARTTLS for sending outbound SMTP email.

But where are the instructions for creating a keyring file and requesting a certificate for a Notes client? The instructions in the help file tell you all about the Account settings and where to set SSL, but nowhere in that document does it mention that a certificate is required before it will work. After Googling for what seemed like hours, I found this article “SSL and S/MIME for clients” which mentions adding an internet certificate to a notes.id file. Sure enough, that is the missing link, and adding the certificate is not all that hard to do.

You purchase a “Personal Certificate” from a CA. A personal
certificate is issued as a verification of your email address. I used Comodo
Personal Authentication Certificate – CPAP Basic because it was the least expensive
I could find. After going through the purchase process and verifying the email
address on their web site, the certificate is installed in your Firefox or IE browser
(Microsoft Edge and Google Chrome are not supported). You export the certificate
from your browser and save it as a .p12 file with a password, and then you
import that into your notes.id file (File – Security – User Security).
Instructions for doing the import are located in the help file.

With that in place, you can use the Notes client with your Gmail, O365, or Yahoo email accounts.

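Before importing the exported .p12 into notes.id, it helps to confirm what the file actually contains. The script below is an added example, not part of the original post: it assumes the OpenSSL command-line tool is installed, and the function names, the P12_PASS variable and the sample address are hypothetical.

```bash
# Added example: sanity-check a browser-exported .p12 before importing it
# into notes.id. The password is read from the exported variable P12_PASS
# so that it never appears on a command line.

check_p12() {   # usage: check_p12 FILE EMAIL   (P12_PASS must be exported)
    local p12="$1" email="$2" cert sigalg
    # Pull out only the client certificate; the private key is never printed.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) ||
        { echo "FAIL: cannot open $p12 (wrong password or not PKCS#12)"; return 1; }
    [ -n "$cert" ] || { echo "FAIL: no client certificate in $p12"; return 1; }

    # A personal certificate verifies one email address; it must be yours.
    printf '%s\n' "$cert" | openssl x509 -noout -email | grep -qixF -- "$email" ||
        { echo "FAIL: certificate is not issued to $email"; return 1; }

    # The post notes that CAs require SHA-2 certificates; flag anything else.
    sigalg=$(printf '%s\n' "$cert" | openssl x509 -noout -text |
             awk -F': ' '/Signature Algorithm/ {print $2; exit}')
    case "$sigalg" in
        *[Ss][Hh][Aa]224*|*[Ss][Hh][Aa]256*|*[Ss][Hh][Aa]384*|*[Ss][Hh][Aa]512*) ;;
        *) echo "FAIL: signature algorithm $sigalg is not SHA-2"; return 1 ;;
    esac

    # Exit status 0 from -checkend 0 means the certificate has not expired.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }

    echo "OK: $email, $sigalg"
}

# Constructed sample: a self-signed stand-in for a CA-issued personal
# certificate, written to DIR/sample.p12 and protected with $P12_PASS.
make_sample_p12() {   # usage: make_sample_p12 DIR EMAIL
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Sample User/emailAddress=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.p12" -passout env:P12_PASS
}
```

A .p12 exported by an older browser may use ciphers that OpenSSL 3 only reads when `openssl pkcs12` is given the `-legacy` option.
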
*SMTP – Simple Mail Transfer Protocol
POP – Post Office Protocol
IMAP – Internet Message Access Protocol
SSL – Secure Sockets Layer
TLS – Transport Layer Security
SHA-2 – Secure Hash Algorithm 2
S/MIME – Secure/Multipurpose Internet Mail Extensions