SECURITY


Setting up SSL on a server-based CA server
Because server administrators and clients use browsers to access the CA server to request and pick up certificates, use SSL to protect the CA server. When you set up the CA server for SSL, you create the server key ring file and request a server certificate. IBM® Lotus® Domino® automatically approves the server certificate and merges the CA certificate as a trusted root.

For information on approving server certificate requests for Lotus Domino servers that are not CA servers, see the topic Signing server certificates.

To set up SSL on a server-based CA server

1. Create an Internet certifier.

2. Create the Certificate Requests application (CERTREQ.NSF).

3. Do the following to create a server key ring file to store the server certificate, and merge the CA certificate as a trusted root into the server key ring file:


4. Do the following to transfer the certificate request to the Administration Requests database: 5. Have an authorized registration authority approve the request. This RA should be authorized for the certifier for which you are setting up SSL. 6. Transfer the certificate request out of the Administration Requests database: 7. After the CA signs the request for a server certificate and notifies you to pick up the certificate, do the following: 8. Do the following to merge the approved server certificate into the key ring file: 9. Configure the port for SSL: 10. Do the following to confirm that SSL is working on the server. If the Security indicator (a padlock icon) is closed (locked), you have successfully established a secure session over SSL.

Related topics