

Setting up SSL on the CA server
Because server administrators and clients use browsers to access the CA server to request and pick up certificates, use SSL to protect the CA server. When you set up the CA server for SSL, you create the server key ring file and request a server certificate. Domino automatically approves the server certificate and merges the CA certificate as a trusted root.

1. Make sure you have configured the Domino Certificate Authority application profile.

2. From the Domino Administrator, click the Files tab, and open the Domino Certificate Authority application.

3. Click Create Server Key Ring & Certificate.

4. Complete these fields:
| Field | Action |
| --- | --- |
| Key ring file name | Enter the name of the server key ring file. By default, this is stored in the data directory of the Domino Administrator used to create the file. Do not use the same name as the CA key ring file. |
| Key ring password | Specify a password for the key ring. |
| Password verify | Enter the password entered into the previous field. This helps ensure the password is entered correctly. |
| Key size | Select the size of the public and private key pairs. The larger the size, the stronger the encryption. |
| CA certificate label | Enter the label to display when you view the CA certificate in the server key ring file. |
| Common name | Enter the TCP/IP fully-qualified host name -- for example, www.lotus.com. Set up the server certificate so that the common name matches the DNS name, since some browsers check for this match before allowing a connection. |
| Organization | Enter the name of the certifier organization. This is usually a company name, such as Acme. |
| Organizational Unit | (Optional) Enter the division or department where the certifier organization resides. |
| City or Locality | (Optional) Enter the city or town where the certifier organization resides. |
| State or Province | Enter three or more characters that represent the state or province where the certifier organization resides, such as Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.) |
| Country | Enter a two-character representation of the country where the certifier organization resides -- for example, US for United States or CA for Canada. |

5. Click Create Server Key Ring.

6. Enter the CA key ring file password, and then click OK. The server SSL key ring file is created.

7. Copy the server key ring file to the Domino data directory on the server. The Domino Certificate Authority application creates the file locally; however, the server needs the key ring file to use SSL.


8. Configure the SSL port. Enable server authentication on the server.
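
A pre-flight check for the field values in step 4, as an added example that is not part of the Domino documentation or product: it applies the constraints stated in the table, including the match between the common name and the DNS name. The function names, dictionary keys and the `.kyr` file names are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def normalize_host(name):
    """Lower-case a host name and drop the trailing root dot for comparison."""
    return name.strip().rstrip(".").lower()

def is_fqdn(name):
    """True if name has at least two valid DNS labels and fits in 253 characters."""
    host = normalize_host(name)
    labels = host.split(".")
    return len(host) <= 253 and len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)

def check_key_ring_request(fields, ca_key_ring_file, dns_name):
    """Return a list of problems with the planned form values (empty list = OK)."""
    problems = []
    # Assumption: compare file names case-insensitively, as on Windows file systems.
    if fields["key_ring_file"].lower() == ca_key_ring_file.lower():
        problems.append("key ring file name is the same as the CA key ring file")
    if not fields["password"] or fields["password"] != fields["password_verify"]:
        problems.append("key ring password is empty or does not match its verification")
    if not is_fqdn(fields["common_name"]):
        problems.append("common name is not a fully-qualified host name")
    elif normalize_host(fields["common_name"]) != normalize_host(dns_name):
        problems.append("common name does not match the DNS name clients use")
    if not fields["organization"].strip():
        problems.append("organization is required")
    if len(fields["state"].strip()) < 3:
        problems.append("state or province needs three or more characters")
    if not re.fullmatch(r"[A-Za-z]{2}", fields["country"]):
        problems.append("country must be a two-character code")
    return problems

# Constructed sample values (file names and password are made up for this example).
SAMPLE = {
    "key_ring_file": "server.kyr", "password": "constructed-example-pw",
    "password_verify": "constructed-example-pw", "common_name": "www.lotus.com",
    "organization": "Acme", "state": "Massachusetts", "country": "US",
}

if __name__ == "__main__":
    for problem in check_key_ring_request(SAMPLE, "cakey.kyr", "www.lotus.com"):
        print("FIX:", problem)
```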
