Lotus Domino Administrator 8.5 Help - Creating a CA key ring file and certificate

Creating a CA key ring file and certificate
When you use the Domino Administrator to create the CA key ring file, it is stored by default in the client's data directory.

Make sure that you keep the key ring file in a secure location, especially if you copy it to a shared location. To prevent unauthorized access, only the administrators that you specify should have access to the CA's key ring file and password.

To create a CA key ring file and certificate

1. Make sure you created the Domino Certificate Authority application.

2. From the Domino Administrator, click Files, and open the Domino Certificate Authority application.

3. Click Create Certificate Authority Key Ring & Certificate.

4. Complete these fields:

Field Action

Key ring file name Enter the explicit path and file name for the CA key ring. The default is CAKEY.KYR in the Domino Administrator's data directory. It's helpful to use the extension .KYR to keep server and CA key ring file names consistent.

Key ring password Specify a password for the key ring.

Password verify Enter the password entered into the previous field. This helps ensure the password is entered correctly.

Key Size Select the size of the public and private key pairs. The larger the size, the stronger the encryption.

Common name Enter a descriptive name that identifies the CA certificate -- for example, Acme SSLCA.

Organization Enter the name of the certifier organization. This is usually a company name, such as Acme.

Organizational Unit (Optional) Enter the division or department in which the certifier resides.

City or Locality (Optional) Enter the city or town where the certifier resides.

State or Province Enter three or more characters that represent the state or province where the certifier resides, such as Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)

Country Enter the two-character representation of the country where the certifier resides -- for example, US for United States or CA for Canada.

Note

The Common name, Organization, Organizational Unit, City or Locality, State or Province, and Country make up the CA server's distinguished name. Choose the CA name carefully; it is a costly process to reissue certificates if you change the name.

5. Click Create Certificate Authority Key Ring.

6. After you review the information about the key ring file and CA name, click OK.

7. Make a backup copy of the Certificate Authority key ring file, and store it in a secure location.

8. Configure the Domino Certificate Authority application profile.

To change the password for the CA key ring file

To ensure the continued security of the CA key ring file, periodically change its password.

1. From the Domino Administrator, click Files, and open the Domino Certificate Authority application.

2. Click View Certificate Authority Key Ring, and then click Change CA Key Ring Password.

3. Enter the old password, and then click OK.

4. Enter a new password, and then click OK.

Configuring the Domino Certificate Authority application profile

Setting up a Domino 5 certificate authority

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Action
Key ring file name	Enter the explicit path and file name for the CA key ring. The default is CAKEY.KYR in the Domino Administrator's data directory. It's helpful to use the extension .KYR to keep server and CA key ring file names consistent.
Key ring password	Specify a password for the key ring.
Password verify	Enter the password entered into the previous field. This helps ensure the password is entered correctly.
Key Size	Select the size of the public and private key pairs. The larger the size, the stronger the encryption.
Common name	Enter a descriptive name that identifies the CA certificate -- for example, Acme SSLCA.
Organization	Enter the name of the certifier organization. This is usually a company name, such as Acme.
Organizational Unit	(Optional) Enter the division or department in which the certifier resides.
City or Locality	(Optional) Enter the city or town where the certifier resides.
State or Province	Enter three or more characters that represent the state or province where the certifier resides, such as Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)
Country	Enter the two-character representation of the country where the certifier resides -- for example, US for United States or CA for Canada.