SECURITY


Merging a CA certificate as a trusted root
The server certificate must contain the CA certificate as a trusted root. The trusted root allows servers and clients that have a common CA certificate to communicate. Before you merge a server certificate signed by a CA, merge the CA certificate into your key ring file as a trusted root.

From a Domino CA

Note This procedure is the same regardless of whether you are using an IBM® Lotus® Domino® server-based certification authority or a Domino 5 certificate authority.

1. Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.

2. Browse to the certificate authority application (the Certificate Requests application for a server-based certification authority, and the Domino Certificate Authority for a Domino 5 Certificate Authority) on the Domino CA.


3. Click "Accept This Authority in Your Server."

4. Highlight the certificate text and copy it to the system Clipboard (include the Begin Certificate and End Certificate lines).

5. From the IBM® Lotus® Notes® client, open the Server Certificate Admin application.

6. Click "Install Trusted Root Certificate into Key Ring."

7. Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.

8. Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino uses the distinguished name of the certificate.

9. In the Certificate Source field, choose Clipboard. Paste the Clipboard contents into the next field.

10. Click "Merge Trusted Root Certificate into Key Ring."

11. Enter the password for the key ring file, and then click OK.

12. Have the CA sign the server certificate.

From a third-party CA

View the default trusted roots in the key ring file to make sure the third-party CA's certificate is not already included. If it is already included, you do not need to complete these steps.

1. Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.

2. Browse to the Web site of the CA and obtain the CA's trusted root certificate. In most cases, the trusted root certificate is in a file attachment, or the certificate is available for you to copy to the Clipboard.

3. From the Lotus Notes client, open the Server Certificate Admin application.

4. Click "Install Trusted Root Certificate into Key Ring."

5. Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.

6. Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino uses the distinguished name of the certificate.

7. Do one of the following:

8. Click "Merge Trusted Root Certificate into Key Ring."

9. Enter the password for the key ring file, and then click OK.

10. Have the CA complete the procedure "Signing server certificates."

Related topics