CONFIGURING
Domino requires a secure, trusted connection to the ICAP server for virus scanning. You must establish that you trust one or more of the ICAP server's root certificates before virus scanning can operate. Domino stores data about trusted roots in certstore.nsf. To simplify the configuration process, the trusted root for the connection can be automatically imported from the ICAP server using an action in the cscancfg.nsf configuration document. This process involves both certstore.nsf and cscancfg.nsf.
Procedure
1. Ensure that certstore.nsf exists. If it does not, see the Using a credential store to store credentials section for instructions on creating a certstore.nsf appropriate to your environment.
2. Select the Scan Config tab of your cscancfg.nsf configuration document and specify all the settings under Scan Configuration.
3. Click the Import Trusted Root via CScan Connection action to invoke the import process on the server. A dialog is displayed. Click OK. The server on which you have opened cscancfg.nsf will initiate a TLS connection to the configured ICAP server and import its root certificates into certstore.nsf on that same server.
4. Use the Open Certificate Store action to open certstore.nsf on the same server on which you opened cscancfg.nsf, and open the Trusted Roots view.
6. Now, validate the trusted root as follows:
b. Open the document for a root certificate that you want to examine. Verify that the Status is Pending Validation and the Certificate status is Valid.
c. Verify the name and fingerprint of the new certificate.
d. Use the action Mark trusted root validated to validate the trusted root.
e. Save the trusted root document. The status of the certificate document will now be Issued to indicate it is a trusted root.
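The import in step 3 stores whatever roots the ICAP server presents on that connection, so the comparison in step c is only meaningful against a reference obtained through a separate channel, such as a PEM file of the root CA supplied by the ICAP server's administrator. The following is an added example, not code from HCL or from this page, that checks the fingerprint shown in the trusted root document against such a PEM bundle. Assumptions: the function names are hypothetical, the reference is in PEM format, and the displayed fingerprint is a hexadecimal SHA-1 or SHA-256 digest of the DER-encoded certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate in a PEM bundle."""
    return [base64.b64decode("".join(m.split())) for m in PEM_RE.findall(pem_text)]

def normalize(fingerprint):
    """Drop separators and case so 'AB:CD ef' and 'abcdef' compare equal."""
    cleaned = re.sub(r"[\s:.-]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned

def match_fingerprint(pem_text, displayed_fp):
    """Return (index, algorithm) of the bundle certificate whose digest equals
    the fingerprint copied from certstore.nsf, or None if nothing matches."""
    want = normalize(displayed_fp)
    # Assumption: digest type is inferred from length (40 or 64 hex digits).
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        raise ValueError("expected 40 (SHA-1) or 64 (SHA-256) hex digits")
    for index, der in enumerate(pem_to_der_list(pem_text)):
        if hashlib.new(algo, der).hexdigest() == want:
            return index, algo
    return None  # do not mark the root validated

# Constructed sample: placeholder bytes standing in for two DER certificates.
SAMPLE_DER = [b"constructed-root-ca-A", b"constructed-root-ca-B"]
SAMPLE_PEM = "".join(
    "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(d).decode()
    + "-----END CERTIFICATE-----\n" for d in SAMPLE_DER)

if __name__ == "__main__":
    # Simulate a colon-separated, upper-case value as copied from a dialog.
    digest = hashlib.sha256(SAMPLE_DER[1]).hexdigest().upper()
    shown = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    print(match_fingerprint(SAMPLE_PEM, shown))
```

A result of None means the imported root does not correspond to any certificate in the reference bundle, and the document should stay at Pending Validation until the discrepancy is explained.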