SECURING


Creating a certifier for a server-based CA

You can create additional HCL Notes® and Internet certifiers for your organization and configure them to use the CA process.


Parent topic: Domino server-based certification authority

To create a Notes certifier

About this task

Notes certifiers are created first, and then migrated to the CA process.

Procedure

1. Register an additional organization certifier or organizational-unit certifier.

2. Migrate the certifier to the CA process.

To create an Internet certifier

About this task

Internet certifiers are created and registered using the CA process.

Procedure

1. From the HCL Domino Administrator, click Configuration.

2. On the Tools pane, select Registration -> Internet Certifier.

3. In the Register Internet Certifier dialog box, select I want to register a new Internet certifier that uses the CA process.

4. In the Register a New Internet Certifier dialog box, click Basics.

5. Create the certifier name. Specify a common name and at least one additional component:

6. Choose the server on which the CA process is running. This is the same server on which the ICL database will be created.

7. Optional: Modify the default ICL database name (for example: icl\icl_Renovations.nsf).


8. For Encrypt Certifier ID with, select one:
9. Optional: In the Administrators list, enter the names of additional CAAs and RAs. The name of the administrator creating the CA is automatically included in the list as both a CA administrator and an RA administrator.

10. On the Certificates tab, complete these fields:


11. Click Miscellaneous, and then click Create a local copy of the certifier ID. Specify the certifier ID file name and password, and click OK. A copy of the certifier ID is saved to the default path ...\notes\data\ids\certs\cert.id. You can select a different path. Use this local copy of the certifier ID as a backup to re-create the certifier if it becomes corrupted.

12. Complete these fields to specify Certificate Revocation List information for this certifier:


13. Complete these fields to specify Key and certifier certificate information for this certifier:
14. Complete these fields to specify the Certifier PKIX Alternative Name(s) information for this certifier:
15. Click OK.

Results

A message appears saying that you have successfully set up a CA.

What to do next

Complete these procedures:


Related concepts
Administering a Domino CA
Domino server-based certification authority

Related tasks
Creating an additional organization certifier ID
Creating an organizational unit certifier ID
Migrating a certifier to the CA process
Setting up a server-based Domino certification authority