SECURING
To set up TLS on your server, you need a server certificate from an Internet certificate authority.
Note: This procedure describes the procedure used in Domino 11 and earlier versions. As of Domino 12, use of Certificate Manager and Certificate Store (certstore.nsf) is the preferred method for generating and managing certificates. For more information, seeManaging TLS certificates with Certificate Manager.
You can use a self-signed certificate or one from a third-party certificate authority (CA). A server certificate is a binary file that uniquely identifies the server. The server certificate is stored on the server's hard drive and contains a public key, a name, an expiration date, and a digital signature. The key ring also contains root certificates used by the server to make trust decisions.
However, you can still use use OpenSSL (available on the Internet) and KYRTool (installed with Domino) to generate a keyring file for Domino servers to use. For instructions, see the article https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0033348 on the HCL Software Support site.
Parent topic: Managing TLS certificates without Certificate Manager Next topic: Viewing TLS server certificates