Lotus Domino Administrator 8.5 Help - Setting up SSL on the CA server

Setting up SSL on the CA server
Because server administrators and clients use browsers to access the CA server to request and pick up certificates, use SSL to protect the CA server. When you set up the CA server for SSL, you create the server key ring file and request a server certificate. Domino automatically approves the server certificate and merges the CA certificate as a trusted root.

1. Make sure you configured the Domino Certificate Authority application profile.

2. From the Domino Administrator, click the Files tab, and open the Domino Certificate Authority application.

3. Click Create Server Key Ring & Certificate.

4. Complete these fields:

Field Action

Key ring file name Enter the name of the server key ring file. By default, this is stored in the data directory of the Domino Administrator used to create the file. Do not use the same name as the CA key ring file.

Key ring password Specify a password for the key ring.

Password verify Enter the password entered into the previous field. This helps ensure the password is entered correctly.

Key size Select the size of the public and private key pairs. The larger the size, the stronger the encryption.

CA certificate label Enter the label to display when you view the CA certificate in the server key ring file.

Common name Enter the TCP/IP fully-qualified host name -- for example, www.lotus.com.
Set up the server certificate so that the common name matches the DNS name, since some browsers check for this match before allowing a connection.

Organization Enter the name of the certifier organization. This is usually a company name, such as Acme.

Organizational Unit (Optional) Enter the division or department where the certifier organization resides.

City or Locality (Optional) Enter the city or town where the certifier organization resides.

State or Province Enter three or more characters that represent the state or province where the certifier organization resides, such as Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)

Country Enter a two-character representation of the country where the certifier organization resides -- for example, US for United States or CA for Canada.

5. Click Create Server Key Ring.

6. Enter the CA key ring file password, and then click OK. The server SSL key ring file is created.

7. Copy the server key ring file to the Domino data directory on the server. The Domino Certificate Authority application creates the file locally; however, the server needs the key ring file to use SSL.

Note

If you choose to store the server key ring file in some place other than the Domino data directory, you must specify the full directory path to it in the Server document or Site document.

8. Configure the SSL port.

9. Enable server authentication on the server.

Configuring a port for SSL

Setting up a Domino 5 certificate authority

SSL security

Setting up SSL on a Domino server

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Action
Key ring file name	Enter the name of the server key ring file. By default, this is stored in the data directory of the Domino Administrator used to create the file. Do not use the same name as the CA key ring file.
Key ring password	Specify a password for the key ring.
Password verify	Enter the password entered into the previous field. This helps ensure the password is entered correctly.
Key size	Select the size of the public and private key pairs. The larger the size, the stronger the encryption.
CA certificate label	Enter the label to display when you view the CA certificate in the server key ring file.
Common name	Enter the TCP/IP fully-qualified host name -- for example, www.lotus.com. Set up the server certificate so that the common name matches the DNS name, since some browsers check for this match before allowing a connection.
Organization	Enter the name of the certifier organization. This is usually a company name, such as Acme.
Organizational Unit	(Optional) Enter the division or department where the certifier organization resides.
City or Locality	(Optional) Enter the city or town where the certifier organization resides.
State or Province	Enter three or more characters that represent the state or province where the certifier organization resides, such as Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)
Country	Enter a two-character representation of the country where the certifier organization resides -- for example, US for United States or CA for Canada.