

Creating a CA key ring file and certificate
When you use the Domino Administrator to create the CA key ring file, it is stored by default in the client's data directory.

Make sure that you keep the key ring file in a secure location, especially if you copy it to a shared location. To prevent unauthorized access, only the administrators that you specify should have access to the CA's key ring file and password.

To create a CA key ring file and certificate

1. Make sure you have created the Domino Certificate Authority application.

2. From the Domino Administrator, click Files, and open the Domino Certificate Authority application.

3. Click Create Certificate Authority Key Ring & Certificate.

4. Complete these fields:
Field: Action

Key ring file name: Enter the explicit path and file name for the CA key ring. The default is CAKEY.KYR in the Domino Administrator's data directory. It's helpful to use the extension .KYR to keep server and CA key ring file names consistent.

Key ring password: Specify a password for the key ring.

Password verify: Enter the password entered into the previous field. This helps ensure the password is entered correctly.

Key Size: Select the size of the public and private key pairs. The larger the size, the stronger the encryption.

Common name: Enter a descriptive name that identifies the CA certificate -- for example, Acme SSLCA.

Organization: Enter the name of the certifier organization. This is usually a company name, such as Acme.

Organizational Unit: (Optional) Enter the division or department in which the certifier resides.

City or Locality: (Optional) Enter the city or town where the certifier resides.

State or Province: Enter three or more characters that represent the state or province where the certifier resides, such as Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)

Country: Enter the two-character representation of the country where the certifier resides -- for example, US for United States or CA for Canada.


5. Click Create Certificate Authority Key Ring.

6. After you review the information about the key ring file and CA name, click OK.

7. Make a backup copy of the Certificate Authority key ring file, and store it in a secure location.

8. Configure the Domino Certificate Authority application profile.
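One way to carry out the backup in step 7 and check the access restriction described at the top of this topic, shown as an added example that is not part of the Domino documentation or product. The file paths and the account allow-list are placeholders you must replace, and the function names are hypothetical.

```powershell
# Added example: back up the CA key ring, verify the copy, and audit file access.
# Every default below is a placeholder (assumption), not a value from the product.
param(
    [string]$KeyRing   = 'C:\path\to\data\CAKEY.KYR',     # placeholder path
    [string]$BackupDir = 'E:\path\to\secure\backup',      # placeholder path
    [string[]]$Allowed = @('BUILTIN\Administrators',      # placeholder allow-list
                           'NT AUTHORITY\SYSTEM')
)

function Backup-KeyRing {
    param([string]$Path, [string]$Destination)
    # Timestamped copy so earlier backups are never overwritten.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $copy  = Join-Path $Destination ('{0}.{1}.bak' -f (Split-Path $Path -Leaf), $stamp)
    Copy-Item -LiteralPath $Path -Destination $copy -ErrorAction Stop
    # Compare SHA-256 digests to confirm the backup is byte-identical.
    $src = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw "Backup hash mismatch for $copy" }
    $copy
}

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$Allowed)
    # Report every Allow entry whose account is not on the allow-list.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $Allowed -notcontains $_.IdentityReference.Value } |
        Select-Object @{n='Path';e={$Path}}, IdentityReference,
                      FileSystemRights, IsInherited
}

$copy = Backup-KeyRing -Path $KeyRing -Destination $BackupDir

# Audit both the live key ring and the new backup copy.
$findings = @($KeyRing, $copy) | ForEach-Object {
    Get-UnexpectedAccess -Path $_ -Allowed $Allowed
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Accounts outside the allow-list can access the CA key ring or its backup.'
    exit 1
}
Write-Output "Backup verified: $copy. Access is limited to the allow-list."
```

Inherited entries (IsInherited = True) usually mean the folder's permissions need tightening rather than the file's.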

To change the password for the CA key ring file

To ensure the continued security of the CA key ring file, periodically change its password.

1. From the Domino Administrator, click Files, and open the Domino Certificate Authority application.

2. Click View Certificate Authority Key Ring, and then click Change CA Key Ring Password.

3. Enter the old password, and then click OK.

4. Enter a new password, and then click OK.
