Creating SSL Certificate for Lotus Domino
STEP 1. Open/Create Server Certificate Administration database
Open the Server Certificate Administration database. If the database does not exist on your
server, create it from the template called “csrv50.ntf”.
Tip: You need to open the database from the Lotus Notes client. The files can be created temporarily
on your local machine; once everything is created, you can move the key ring file back to the server.
STEP 2. Create Key Ring
Click on Create Key Ring and fill out the fields as requested. Before you start, make sure your
company name appears in the Whois record (www.who.is); otherwise, Comodo will reject the request and you
will need to fix it prior to requesting the SSL certificate.
Tip: Remember the password you selected. WRITE IT DOWN, as you will use it several times and in the
STEP 3. Create Server Certificate Request
Click on 2. Create Certificate Request. This is the mechanism used to send your private key
information to Comodo so they can issue the certificate. Fill out the form, then copy and
paste as per the instructions in the dialog box.
STEP 4. Paste your Certificate Request into Comodo Certificate Options
Presumably, you have already signed up and paid for a certificate. If that is the case, you will have access
to www.instantssl.com and will be able to paste the certificate request into Comodo for
validation. Once you have pasted the text, click OK. Comodo might take one day to validate and process your
STEP 5. Wait for the email notification and download
You will receive an email notification when Comodo has completed the validation. The email notification will
contain a ZIP file and the Comodo SSL EV Text certificate. Download the ZIP file and decompress it to
extract all certificates.
Tip: Place the CRT files in a path that is easy to remember, as you will need them later (e.g. C:\CRTs).
See sample after files were unzipped.
STEP 6. Install the ExternalCARoot.crt
From the main menu, select 3. Install Trusted Root Certificate into Key Ring. Type the path of the file
and then click on the button to merge. You will see a dialog box as shown below.
Tip: You need to install this CRT file first. If you attempt to install any of the other ones first, you will get an error.
Tip: Always install the certificates in this order:
Repeat the same process but now grab C:\CRTS\UTNAddTrustSGCCA.crt
Repeat the same process but now grab C:\CRT\ComodoUTNSGCCA.crt
Repeat the same process but now grab C:\CRT\ComodoHighAssuranceSecureServerCA.crt
STEP 7. Install your domain_ca.crt
Finally, select the option 4. Install Certificate into Key Ring. Select the file and proceed to install it. You
will get a warning message; skip it by clicking OK. You will then get a confirmation message that you can now
enable SSL on your website!
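The install order in Steps 6 and 7 follows the issuer chain: each certificate has to be issued by the one merged before it. The following Python is an added example, not part of the original guide or of any Domino or Comodo tooling; it reads the issuer and subject of each unzipped CRT file (PEM or DER) and returns the merge order, raising an error when a link in the chain is missing. The sample certificates are constructed skeletons with made-up names (only the file names come from this page), and the check matches names only, it does not verify signatures.

```python
import base64, re

def _items(buf):                                   # yield (tag, value, raw) for each DER element in buf
    pos = 0
    while pos < len(buf):
        n, start = buf[pos + 1], pos + 2
        if n & 0x80:                               # long form: low 7 bits count the length bytes
            start += n & 0x7F
            n = int.from_bytes(buf[pos + 2:start], "big")
        yield buf[pos], buf[start:start + n], buf[pos:start + n]
        pos = start + n

def issuer_subject(cert):
    """Return the raw DER issuer and subject Names of a PEM or DER certificate."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END", cert, re.S)
    der = base64.b64decode(m.group(1)) if m else cert
    _, tbs, _ = next(_items(next(_items(der))[1]))  # Certificate -> tbsCertificate
    fields = [raw for tag, _, raw in _items(tbs) if tag != 0xA0]  # drop optional [0] version
    return fields[2], fields[4]                    # serial, sigAlg, issuer, validity, subject

def install_order(certs):
    """certs maps file name -> bytes; return names root first, server certificate last."""
    names = {f: issuer_subject(c) for f, c in certs.items()}
    order = [f for f, (iss, sub) in names.items() if iss == sub]
    if len(order) != 1:
        raise ValueError("expected exactly one self-signed root, found %d" % len(order))
    while len(order) < len(names):
        parent = names[order[-1]][1]               # subject of the certificate placed last
        nxt = [f for f, (iss, _) in names.items() if iss == parent and f not in order]
        if len(nxt) != 1:
            raise ValueError("chain breaks or branches after " + order[-1])
        order.append(nxt[0])
    return order

def _der(tag, *parts):                             # sample builder, short-form lengths (< 128 bytes)
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)
def _name(cn):
    return _der(0x30, _der(0x31, _der(0x30, b"\x06\x03\x55\x04\x03", _der(0x0C, cn.encode()))))
def _cert(issuer, subject):
    return _der(0x30, _der(0x30, _der(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01", _der(0x30),
                           _name(issuer), _der(0x30), _name(subject)))
SAMPLE = {  # constructed skeletons with made-up names, deliberately listed out of order
    "domain_ca.crt": _cert("Sample CA 3", "www.example.test"),
    "ComodoUTNSGCCA.crt": _cert("Sample CA 1", "Sample CA 2"),
    "ExternalCARoot.crt": _cert("Sample Root", "Sample Root"),
    "ComodoHighAssuranceSecureServerCA.crt": _cert("Sample CA 2", "Sample CA 3"),
    "UTNAddTrustSGCCA.crt": _cert("Sample Root", "Sample CA 1"),
}
if __name__ == "__main__": print(*install_order(SAMPLE), sep="\n")
```

To use it on the real files, build the dictionary by reading each .crt file from the unzip folder in binary mode.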
STEP 8. Move the key ring files to the Domino\Data folder
The last step is to copy keyring.kyr and keyring.sth into the server's Domino\Data folder. If there are
existing key ring files, remove them and replace them with the new ones. To test whether the server is
reading the key file, type this command:
Tell HTTP Show Security
You will see which key ring file it is using!
You need to restart the HTTP task by issuing the following command:
Tell HTTP refresh