logorte
Lotus Notes 8.5

Lotus Notes 8.5

Installing RTE Historical CA certificate

RTE’s certificates will be installed by "Cross certification" when you received your first signed-encrypted email from the application (see here).

The "Cross certification" is a process which makes a user able to install the certificate of another entity while he receives a message form that entity. Messages sent to that specific entity will be encrypted with that "Cross certification".


Installing your personal certificate

Creation of a PKCS#12 file readable by Notes

Lotus Notes can install a certificate and its associated private key only from a PKC #12 file that contains RTE Historical CA. This is not the case for the file "name_certificate.p12" you downloaded when you retrieved your certificate.

To generate a file accepted by Lotus Notes, install RTE Historical CA and your certificates in a browser and then export your personal certificate as a PKCS#12 file. Depending on the browser you are using, perform one of the procedures below.
  • With Microsoft Internet Explorer:
    • Install RTE Historical CA certificate, see click here.
    • Install your personal certificate making sure to check the case "Mark this key as exportable", click here.
    • Export your certificate in a PKCS#12 file and check the case "Include all certificates in the certification path if possible", click here.
  • With Mozilla Firefox:
    • Install RTE Historical CA certificate, see click here.
    • Install your personal certificate, see click here.
    • Export your certificate to a PKCS#12 file, see click here (RTE Historical CA will automatically be included).

Installing the PKCS#12 file in Notes

Start Lotus Notes and access to "File > Security > User Security…":
5.2.2 - 1.jpg
If requested, enter your Notes password:
5.2.2 - 2.jpg
The following window appears:
5.2.2 - 3.jpg
Click "Your Identity" then "Your Certificates":
5.2.2 - 4.jpg
Select "Your Internet Certificates" in the drop-down list to display the Internet certificates already imported.

Click the "Get Certificates…" button and select "Import Internet Certificates…":
5.2.2 - 5.jpg
A window appears asking you to select a PKCS#12 file (extension ".pfx" or ".p12"). Select the file you generated at here containing your personal certificate, its private key and RTE Historical CA’s certificate:
5.2.2 - 6.jpg
Click "Open".

In the window below choose the formatPKCS12:
5.2.2 - 7.jpg
Click "Continue". The PKCS12 file’s password is requested:
5.2.2 - 8.jpg
Click "OK".

the window below is displayed:
5.2.2 - 9.jpg
Your personal certificate you want to import, and the RTE Historical CA’s certificate, are listed. If you click "Advanced Details…" the content of the selected certificate (yours) appears in the window:
5.2.2 - 10.jpg
Click "Cancel" to go back to the previous window.

To see the content of RTE Historical CA’s certificate, you must select it:
5.2.2 - 11.jpg
And click "Advanced Details…":
5.2.2 - 12.jpg
To ensure that you have downloaded the real RTE Historical CA's certificate, check carefully that the "SHA1" hash displayed is identical to the one shown below.
Digital hash of the certificate "RTE Certification Authority" SHA1

SHA1 39:83:D6:10:A2:C4:D5:60:45:A0:C1:D0:E3:FA:E1:42:45:8A:37:12
If this is not the case: click "Close" to go back to the precedent window and click "Cancel" then call RTE’s Hotline (click here).

Click "Close" to go back to the main screen:
5.2.2 - 13.jpg
Click "Accept All".
5.2.2 - 14.jpg
Enter your Notes password and click "OK".
5.2.2 - 15.jpg
Click "OK", the window below appears:
5.2.2 - 16.jpg
The certificate, now visible here, has successfully been imported. Click "OK" to end the import.


Visualization of the certificate

To view your certificate, access the menu "File > Security > User Security…", then click the item "Your Identity" and "Your Certificates".
Select "Your Internet Certificates" in the drop-down list.
5.2.3 - 1.jpg
Select your personal certificate and click the "Advanced Details…" button.

The certificate’s details are then presented in the window below:
5.2.3 - 2.jpg
To view RTE Historical CA's certificate, access the menu "File > Security > User Security…", then click the item "Your Identity" and "Your Certificates". Select "All Internet Certificates" in the drop-down list.
5.2.3 - 3.jpg
To see the content of RTE Historical CA’s certificate, you must select it, and click "Advanced Details…":
5.2.3 - 4.jpg
To ensure that you have downloaded the real RTE Historical CA's certificate, check carefully that the "SHA1" hash displayed is identical to the one shown below.
Digital hash of the certificate "RTE Certification Authority" SHA1

SHA1 39:83:D6:10:A2:C4:D5:60:45:A0:C1:D0:E3:FA:E1:42:45:8A:37:12
If this is not the case: click "Close" to go back to the precedent window and click "Cancel" then call RTE’s Hotline (click here).


Email account configuration

If you have multiple certificates used to sign your sent messages, you have to set by default the one that will serve for exchanges with RTE.

In Lotus Notes, open the menu "File > Security > User Security…", then click "Your Identity" and "Your Certificates":
5.3 - 1.jpg
Select "Your Internet Certificates" in the drop-down list to display your Internet certificates that are already imported.

Select your certificate and click the "Advanced Details" button.
5.3 - 2.jpg
If you only have one certificate, the case "Use this certificate as your default signing certificate" will be grey and checked. If not, check it, as above, and click "OK".


Installing RTE’s application certificate

When you select, for the first time, a signed and encrypted message you received a dialog box similar to the one below appears, allowing you to give your trust to the issuer:
5.4 - 1.jpg
For this, you must click on the "Cross certify" button.

Then, when you display this signed received message, you will need to choose the "Add Sender to Contacts…" in the menu by right-clicking on the email, which will add the issuer and its certificate to your book Address.
5.4 - 2.jpg
The following window appears:
5.4 - 3.jpg
Only verify that the case "Include X.509 certificates when encountered" is checked and click "OK".

Whenever an encrypted email will be sent to this application, its installed certificate will now automatically be selected to perform the encryption.


Using the certificate: sending a signed-encrypted email

When composing a message, you can sign and encrypt it if you own your signature certificate (click here) and that of your correspondent.

For that, when you write a new message, you must click the "Delivery Options" button.
5.5 - 1.jpg
Check the "Sign" and "Encrypt" cases as shown below:
5.5 - 2.jpg
Click "OK".

The rest of the mailing process has no more particularity, Notes then automatically signs and encrypts your message transparently.