Using Domino Console to create MicroCA certificates for existing servers

For existing servers, a Domino Console command generates microCA certificates. This replaces the former process of using self-signed certificates to establish the initial SSL/TLS connection for the Server Controller and the Java-based Domino Console.

Before you begin

The certstore.nsf app must exist and the CertMgr task must be running.

About this task

Follow these instructions to address security concerns related to the use of self-signed certificates on existing Java-based Domino consoles and server controllers.

Note: For new servers, these concerns are handled by the CertMgr process: during server setup, a certificate is automatically created for the server controller and Domino Console. The certificates are created as PKCS12 files with the .p12 extension. These files are created in the data directory of the server, where the console command is issued.

Procedure

1. If the cert manager process isn't running on the Domino domain's administration server, start the cert manager process by loading the process ncertmgr.

2. Run the certmgmt console command as follows:

3. Import the certificates into the key store and trust store as follows:

4. Start the server using the Server Controller:

5. Once the microCA certificates are imported, the Server Controller or Domino Console will no longer use the old self-signed certificates.

6. The jconsole supports importing multiple domain certificates into the key and trust stores, which lets you connect to multiple domain servers. Edit the dconsole.ini file in the data directory of the server and add the following lines:

7. If you want to use your own certificates instead of Domino microCA certificates, follow these steps.

Related concepts
Managing TLS certificates with Certificate Manager