How to Install an SSL Certificate in Lotus Domino Server?
SSL on a Lotus Domino server secures web traffic between clients and the server by encrypting it and establishing trust.
To install an SSL certificate in Domino, you combine the root, intermediate, and server certificates in the same key ring file you created for the Certificate Signing Request (CSR). This article reviews how to install an SSL certificate in Lotus Domino.
Prerequisites
Here are the prerequisites for installing an SSL certificate in Lotus Domino:
CSR (Certificate Signing Request):
- Before ordering your SSL certificate, you must create a Certificate Signing Request from your Lotus Domino server.
- The CSR contains your organizational details and public key that is used by the Certificate Authority (CA) to issue your certificate. You will not be able to request or install an SSL certificate without a valid CSR.
Key Ring file (.kyr):
- The Key Ring file is where Lotus Domino stores its SSL certificates and private key.
- It was created when you generated the CSR, and it is critical that you use the same Key Ring file during installation because the server certificate must match the private key from the Key Ring file.
- If you can't find the original file, you will need to create a new CSR with a new Key Ring file and request a reissue of your certificate.
SSL Certificate package from the CA:
- Once your order is approved, your Certificate Authority will send you a ZIP package of the SSL certificate files.
- You will typically receive the Trusted Root Certificate, one or more Intermediate Certificates, and the Server Certificate issued for your domain.
- These files must be installed in the correct order to allow the certificate chain to be trusted by browsers.
Correct Installation Order Awareness:
- Lotus Domino requires that certificates are merged into the Key Ring in the following sequence: Trusted Root first – any Intermediate Certificates second – Server Certificate last.
- If you merge them in any other order, you risk an incomplete chain, and clients connecting over HTTPS will see trust errors.
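Before merging, you can confirm which file in the CA package is the root, which are intermediates, and which is the server certificate. The script below is an added example, not part of the original article or of Domino: it assumes the `openssl` command-line tool and PEM-encoded files, the function names `merge_order` and `make_demo_chain` are hypothetical, and it matches issuer and subject names only (it does not verify signatures).

```shell
# Added example: derive the key ring merge order for a CA package (PEM files).
# A certificate whose subject hash equals its issuer hash is the self-signed
# root; each next one is issued by (issuer hash ==) the previous subject.
subj() { openssl x509 -in "$1" -noout -subject_hash; }
issr() { openssl x509 -in "$1" -noout -issuer_hash; }

# merge_order FILE... : prints the files root first, server certificate last.
# Returns 1 when the root is missing or a file does not link into the chain.
merge_order() {
  cur=; order=; left=$#
  for f in "$@"; do
    s=$(subj "$f") || { echo "not a PEM certificate: $f" >&2; return 1; }
    if [ "$s" = "$(issr "$f")" ]; then cur=$f; fi
  done
  if [ -z "$cur" ]; then echo "no self-signed root in package" >&2; return 1; fi
  while [ -n "$cur" ] && [ "$left" -gt 0 ]; do
    order="$order$cur
"
    left=$((left - 1)); parent=$(subj "$cur"); cur=
    for f in "$@"; do
      if [ "$(subj "$f")" != "$parent" ] && [ "$(issr "$f")" = "$parent" ]; then cur=$f; fi
    done
  done
  if [ "$left" -ne 0 ]; then echo "chain incomplete: $left file(s) unlinked" >&2; return 1; fi
  printf '%s' "$order"
}

# Constructed sample package with throwaway keys, written to directory $1.
# File names mirror the ones used in the installation steps of this article.
make_demo_chain() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/TrustedRoot.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null
  openssl x509 -req -in "$d/ca.csr" -CA "$d/TrustedRoot.crt" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -out "$d/DigiCertCA.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=your_domain.com" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/DigiCertCA.crt" -CAkey "$d/ca.key" \
    -set_serial 3 -days 2 -out "$d/your_domain_name.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_chain "$demo"
# Files are passed out of order on purpose; the output is the order to merge.
merge_order "$demo/your_domain_name.crt" "$demo/DigiCertCA.crt" "$demo/TrustedRoot.crt"
```

On a real package, call `merge_order` with the files unpacked from the CA's ZIP; a non-zero exit means the package is missing a link and would produce an incomplete chain in the key ring.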
Backup and Access Permissions:
- Before you start, be sure to back up your Key Ring file and be sure you have administrator access to the Domino server.
- A backup will protect you against accidental data loss when working with your certificates, and access ensures you are able to edit system databases (such as CERTSRV.NSF, which is where certificate management occurs).
Steps to Install SSL Certificate in Lotus Domino
Here are the steps to install an SSL certificate in Lotus Domino:
Step 1: Open Server Certificate Administration
- Launch the Domino Administrator.
- Navigate to Files → System Databases.
- Open Server Certificate Administration (CERTSRV.NSF).
Step 2: Install the Root Certificate
- Select Install Trusted Root Certificate into Key Ring.
- Enter the Key Ring file name used when generating the CSR.
- Choose the Root Certificate file (TrustedRoot.crt).
- If you receive a message that the Root is already installed, skip to the next step.
Step 3: Install the Intermediate Certificates
- Again, select Install Trusted Root Certificate into Key Ring.
- Use the same Key Ring file.
- Install the Intermediate Certificates in order:
  - If included, install DigiCertCA2.crt first.
  - Then install DigiCertCA.crt.
Step 4: Install the Server Certificate
- Select Install Certificate into Key Ring.
- Enter the Key Ring file name.
- Choose your primary certificate (your_domain_name.crt).
- Click Merge Certificate into Key Ring.
Step 5: Configure Internet Ports for SSL
- In Domino Administrator, go to the Server Certificate Administration.
- Double-click your server name.
- Open the Ports → Internet Ports tab.
- Select Edit Server.
- Enter the path to your Key Ring file in the SSL key file name field.
- Save and close.
- Restart the Domino server.
- If SSL is enabled, you should see HTTP Web Server started.
Step 6: Verify Installation
- Open a browser and go to your site using the following: https://your_domain.com.
- If the SSL certificate was installed successfully in the previous steps, you should see a padlock icon in the browser.
- Alternatively, you can use a Certificate Checker tool to check that the full certificate chain is trusted.