Create Self-Certificate via Lotus Domino

Mindwatering Incorporated

Author: Tripp W Black

Created: 04/13/2009 at 12:26 PM

 

Category:
Domino Upgrades / Installations
Software (Re)Configuration

Steps to generate a self-certificate via Domino:

1. Open the Server Certificate Admin application database called CERTSRV.NSF in Domino Web server.
(If you don't have one yet, create it via the template.)

2. On the main menu, select the option Create Key Ring with Self-Certified Certificate.
(If you already have one, skip to the last step.)

3, Enter the following information to generate a self-certified certificate:
  • Key Ring File Name (e.g. mwinternal.kyr)
  • Key Ring Password
  • Common Name (e.g. myserver.mindwatering.local, the FQDN of the Domino server - matches the FQDN on the server document or an Internet Site document.)
  • Organization (e.g. mwportal)
  • State or Province (e.g. North Carolina - SPELL THIS OUT - this will work here as NC but it won't be "proper". )
  • Country (an example is US)

4. Generate the key ring, two file will be created. (e.g. mwinternal.kyr and mwinternal.sth).
Locate them. They may be on your local workstation. Copy them to the server and install them into the Server document or the Internet Site web document.
Detailed instructions are in the Admin help database. Restart the http task or tell it to refresh its configuration after making the changes.

5. Test the new self certifier:
Using a browser, test the web server using SSL. (e.g. https://myserver.mindwatering.local).
You should get a prompt as the certificate is self certified and not trusted. Click the option to View Certificate.


To export the certificate w/IE:
1. View Certificate
2. Select the Detail tab, Click the Copy to File button.
3. Select Base-64 encoded X.509, which is CER format.
4. Save the file (e.g. mwinternal.cer)

previous page