SECURITY


Merging a CA certificate as a trusted root
The server certificate must contain the CA certificate as a trusted root. The trusted root allows servers and clients that have a common CA certificate to communicate. Before you merge a server certificate signed by a CA, merge the CA certificate into your key ring file as a trusted root.

From a Domino CA

Note: This procedure is the same regardless of whether you are using an IBM® Lotus® Domino™ server-based certification authority or a Domino 5 certificate authority.

1. Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.

2. Browse to the certificate authority application (the Certificate Requests application for a server-based certification authority, and the Domino Certificate Authority for a Domino 5 Certificate Authority) on the Domino CA.


3. Click "Accept This Authority in Your Server."

4. Highlight the certificate text and copy it to the system Clipboard (include the Begin Certificate and End Certificate lines).

5. From the IBM® Lotus® Notes® client, open the Server Certificate Admin application.

6. Click "Install Trusted Root Certificate into Key Ring."

7. Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.

8. Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino uses the distinguished name of the certificate.

9. In the Certificate Source field, choose Clipboard. Paste the Clipboard contents into the next field.

10. Click "Merge Trusted Root Certificate into Key Ring."

11. Enter the password for the key ring file, and then click OK.

12. Have the CA sign the server certificate.

From a third-party CA

View the default trusted roots in the key ring file to make sure the third-party CA's certificate is not already included. If it is already included, you do not need to complete these steps.

For more information, see the topics "Default Domino SSL trusted roots" and "Viewing SSL server certificates."

1. Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.

2. Browse to the Web site of the CA and obtain the CA's trusted root certificate. In most cases, the trusted root certificate is in a file attachment, or the certificate is available for you to copy to the Clipboard.

3. From the Lotus Notes client, open the Server Certificate Admin application.

4. Click "Install Trusted Root Certificate into Key Ring."

5. Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.

6. Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino uses the distinguished name of the certificate.

7. Do one of the following:

8. Click "Merge Trusted Root Certificate into Key Ring."

9. Enter the password for the key ring file, and then click OK.

10. Have the CA complete the procedure "Signing server certificates."
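
Both procedures depend on the certificate text reaching the Clipboard intact (Begin Certificate and End Certificate lines included) and on the text really being the CA's root. The following is an added example, not part of the Domino documentation or tooling: it checks pasted text for copy damage and compares its SHA-256 fingerprint with one obtained from the CA over a separate channel. The function names and the sample bytes are constructed for illustration.

```python
import base64, hashlib, re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_length_ok(der):
    """True if der is one DER SEQUENCE whose length field matches the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        hdr, body = 2, der[1]
    else:                                  # long-form length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        hdr, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + body == len(der)

def check_pasted_root(text, expected_sha256):
    """Return (ok, reason) for Clipboard text that should hold one certificate."""
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        return False, "need exactly one BEGIN/END block, found %d" % len(blocks)
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError:
        return False, "base64 body is damaged"
    if not der_length_ok(der):
        return False, "DER length mismatch: lines lost or added in the copy"
    got = hashlib.sha256(der).hexdigest()
    want = expected_sha256.replace(":", "").replace(" ", "").lower()
    if got != want:
        return False, "fingerprint mismatch, computed " + got
    return True, "fingerprint matches"

def to_pem(der):
    """Wrap DER bytes in Begin/End Certificate lines, 64 characters per line."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *rows,
                      "-----END CERTIFICATE-----", ""])

# Constructed sample: a well-formed DER SEQUENCE, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_PEM = to_pem(SAMPLE_DER)
# Assumption: in practice this value comes from the CA over a separate channel.
SAMPLE_FP = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    print(check_pasted_root(SAMPLE_PEM, SAMPLE_FP))
```

A failed check means the text should be copied again or the fingerprint confirmed with the CA before the merge step.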
