Setting up SSL on a server-based CA server

Because server administrators and clients use browsers to access the CA server to request and pick up certificates, use SSL to protect the CA server. When you set up the CA server for SSL, you create the server key ring file and request a server certificate. Domino® automatically approves the server certificate and merges the CA certificate as a trusted root.

About this task

For information on approving server certificate requests for Domino servers that are not CA servers, see the related topic Signing server certificates.

Note: There are cases when you might want to use the Domino 5 certificate authority, for example, if you want to set up Domino for SSL using a third-party certificate. For more information, look in the related topics for the technote Setting up a Domino 5 certificate authority.

To set up SSL on a server-based CA server

Procedure

1. Create an Internet certifier.

2. Create the Certificate Requests application (CERTREQ.NSF).

3. Do the following to create a server key ring file to store the server certificate, and merge the CA certificate as a trusted root into the server key ring file:


4. Do the following to transfer the certificate request to the Administration Requests database:

5. Have an authorized registration authority approve the request. This RA should be authorized for the certifier for which you are setting up SSL.

6. Transfer the certificate request out of the Administration Requests database:

7. After the CA signs the request for a server certificate and notifies you to pick up the certificate, do the following:

8. Do the following to merge the approved server certificate into the key ring file:

9. Configure the port for SSL:

10. Do the following to confirm that SSL is working on the server.

Results

If the Security indicator (a padlock icon) is closed (locked), you have successfully established a secure session over SSL.

Related tasks
Setting up SSL on a Domino server