You can create a self-certified certificate to test the certificate procedure at your organization. Because this certificate is not certified by a CA, use it only for testing purposes.

About this task

Note: This procedure describes steps used in Domino 11 and earlier versions. As of Domino 12, use of Certificate Manager and Certificate Store (certstore.nsf) is the preferred method for generating and managing certificates. For more information, seeManaging TLS certificates with Certificate Manager.

Procedure

1. From the HCL Notes® client, open the Server Certificate Admin application, and then click Create Key Rings & Certificates.

2. Click Create Key Ring with Self-Certified Certificate.

3. Complete these fields, and then click Create Key Ring with Self-Certified Certificate:

Table 1. Key ring with self-certified certificate fields

Field	Enter
Key ring file name	A file name with the extension .KYR.
Key ring password	At least 12 case-sensitive, alphanumeric characters.
Common name	A descriptive name that identifies the server certificate -- such as, Renovations TLSCA.
Organization	The name of the organization -- for example, a company name, such as Renovations.
Organizational Unit	Name of certifier division or department.
City or Locality	The organization city or locality.
State or Province	Three or more characters that represent the state or province in which the organization resides -- for example, Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)
Country	A two-character representation of the country in which the organization resides -- for example, US for United States or CA for Canada.

5. Configure the port for TLS.

6. Set up database access.

Parent topic: Managing TLS certificates without Certificate Manager
Previous topic: Renewing expired certificates

Related concepts
TLS security

Related tasks
Configuring a port for TLS
Configuring a database ACL

Help on Help

All Help Contents

Help on Help