ADMINISTERING
For existing servers, a Domino Console command generates microCA certificates to replace the former process of using self-signed certificates to establish the initial SSL/TLS connection for the Server Controller and Java-based Domino Console.
Before you begin
The certstore.nsf app must exist and the CertMgr task must be running.
About this task
Follow these instructions to address security concerns related to the use of self-signed certificates on existing Java-based Domino consoles and server controllers.
Note: For new servers, these concerns are handled by the CertMgr process: during server setup, a certificate is automatically created for the server controller and Domino Console. The certificates are created as PKCS12 files with the .p12 extension. These files are created in the data directory of the server, where the console command is issued.
Procedure
1. If the cert manager process isn't running on the Domino domain's administration server, start the cert manager process by loading the process ncertmgr.
2. Run the certmgmt console command as follows:
a. Run the following command to create a certificate for the server controller of the server running on the host myhost in the Domino domain mydomain:
A file named myhost_mydomain_s.p12 will be created.
A file named myhost_mydomain_c.p12 will be created.
The Server Controller in turn starts the jconsole and nserver processes, while the microCA certificates are imported into the trust stores and key stores, respectively.
The following four files are created:
Certificate_File=myhost_mydomain_s.p12,****,
Note: **** indicates that the certificate was processed or imported and won't be processed again.
6. The jconsole supports importing multiple domain certificates into key and trust stores, which lets you connect to multiple domain servers. Edit the dconsole.ini file in the data directory of the server and add the following lines:
b. Copy the file to the data directory of your server and/or client area, depending on the server or console's certificate.
c. Edit dcontroller.ini or dconsole.ini to add a Certificate_File= line or lines, as shown:
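The following is an added example, not part of the original documentation or of HCL's tooling: a small audit that reads dcontroller.ini or dconsole.ini, lists each Certificate_File= entry, and reports whether it carries the **** processed marker and whether the referenced .p12 is present in the data directory. The function names, the second sample entry, and the rule that any second field other than **** means "not yet processed" are assumptions; the POSIX permission check is an added hardening check, since PKCS12 files typically hold private key material.

```python
import os
import tempfile

PROCESSED_MARK = "****"  # per the note above: entry was processed or imported

def parse_certificate_entries(ini_text):
    """Return (p12_name, processed) for each Certificate_File= line."""
    entries = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line.lower().startswith("certificate_file="):
            continue
        fields = [f.strip() for f in line.split("=", 1)[1].split(",")]
        # Assumption: a second field other than **** means "not yet processed".
        processed = len(fields) > 1 and fields[1] == PROCESSED_MARK
        if fields[0]:
            entries.append((fields[0], processed))
    return entries

def audit(ini_path, data_dir):
    """Per entry: processed marker, .p12 presence, and loose POSIX permissions."""
    with open(ini_path, encoding="utf-8", errors="replace") as fh:
        entries = parse_certificate_entries(fh.read())
    report = []
    for name, processed in entries:
        p12 = os.path.join(data_dir, os.path.basename(name))
        present = os.path.isfile(p12)
        # POSIX only: flag a .p12 that group or other users can access.
        loose = present and os.name == "posix" and bool(os.stat(p12).st_mode & 0o077)
        report.append({"file": name, "processed": processed,
                       "present": present, "loose_permissions": loose})
    return report

def demo():
    """Run the audit over a constructed ini file and a placeholder .p12."""
    sample = ("Certificate_File=myhost_mydomain_s.p12,****,\n"
              "Certificate_File=otherhost_otherdomain_s.p12,PLACEHOLDER,\n")
    with tempfile.TemporaryDirectory() as d:
        ini = os.path.join(d, "dcontroller.ini")
        with open(ini, "w") as fh:
            fh.write(sample)
        p12 = os.path.join(d, "myhost_mydomain_s.p12")
        with open(p12, "wb") as fh:
            fh.write(b"constructed placeholder, not a real PKCS12 file")
        os.chmod(p12, 0o600)
        return audit(ini, d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An entry reported as not processed after the Server Controller or console has restarted, or a .p12 reported with loose permissions, is worth following up before relying on the new certificates.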