IBM Lotus Domino 8.5 Administrator
  Versions 8.5 and 8.5.1






Setting up SSL on a Domino server

Set up SSL on an IBM® Lotus® Domino® server so that clients and servers that connect to the server use SSL to ensure privacy and authentication on the network. You set up SSL on a protocol-by-protocol basis. For example, you can enable SSL for mail protocols -- such as IMAP, POP3, and SMTP -- and not for other protocols.

To set up SSL on your server, you need a key ring containing a server certificate from an Internet certificate authority. You can request and obtain a server certificate from either a Domino or third-party certificate authority (CA) and then install it in a key ring. A server certificate is a binary file that uniquely identifies the server. The server certificate is stored on the server's hard drive and contains a public key, a name, an expiration date, and a digital signature. The key ring also contains root certificates used by the server to make trust decisions.

This topic describes the process to follow if you need to set up SSL on a Domino server that is not already a Domino certificate authority server. You complete the setup process regardless of whether you request a server certificate from a Domino or third-party CA.

Note: You can enable SSL on a server when you register the server if you already have a Domino server-based certification authority running in the Domino domain.

To set up SSL on a Domino server

  1. Set up the Server Certificate Admin application (CERTSRV.NSF), which Domino creates automatically during server setup.
  2. Create a server key ring file to store the server certificate.
  3. Request an SSL server certificate from the CA.
  4. Merge the CA certificate as a trusted root into the server key ring file.
  5. The CA approves the request for a server certificate and sends notification that you can pick up the certificate.
  6. Merge the approved server certificate into the key ring file.
  7. Configure the port for SSL.
  8. If you are using client authentication, add the client's name to database ACLs and access lists for design elements.
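
After step 7, one way to confirm that each SSL-enabled port presents a server certificate that chains to the CA root merged in step 4 and has not expired. This is an added example, not part of the Domino documentation; the host name, the CA file name and the port numbers are assumptions.

```python
import socket
import ssl
import time

# Assumption: conventional implicit-SSL ports; use the ports configured on your server.
SSL_PORTS = {"HTTP": 443, "SMTP": 465, "IMAP": 993, "POP3": 995}


def days_left(cert, now=None):
    """Days until the notAfter date in a getpeercert()-style dict (negative if expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def subject_cn(cert):
    """Common name from the certificate subject, or None if it has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_port(host, port, ca_file, timeout=5.0):
    """Handshake against one SSL port, trusting only the CA root in ca_file.

    Returns (ok, detail). Fails if the port is not SSL-enabled, the certificate
    does not chain to that root, the name does not match host, or it has expired.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except (OSError, ssl.SSLError) as exc:
        return False, f"{type(exc).__name__}: {exc}"
    return True, f"CN={subject_cn(cert)} expires in {days_left(cert)} days"


def check_server(host, ca_file, protocols=SSL_PORTS):
    """Check every protocol you enabled SSL for; returns {protocol: (ok, detail)}."""
    return {name: check_port(host, port, ca_file) for name, port in protocols.items()}


if __name__ == "__main__":
    # Placeholder host and CA root file (PEM); replace with your own.
    for proto, (ok, detail) in check_server("domino.example.com", "ca_root.pem").items():
        print(f"{proto:5} {'OK  ' if ok else 'FAIL'} {detail}")
```

A FAIL result can also mean that the server and this client share no SSL/TLS protocol version, so read the error detail before concluding that the key ring is at fault.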

Related topics
Setting up the Server Certificate Admin application
Creating a server key ring file
Requesting an SSL server certificate
Merging a CA certificate as a trusted root
Signing server certificates
Merging a server certificate into the key ring file
Configuring a port for SSL
Setting up database access for SSL clients
Registering a server
SSL and S/MIME for clients
SSL security





Last updated: Monday, October 5, 2009