Setting up SSL with a self-certified certificate
If your production site is going to run Secure Sockets Layer (SSL), test with SSL during development. You can either pay for a certificate from a certificate authority (CA) or create your own. If your testing is going to be done with a controlled group, a self-certified certificate will work. Make sure to tell the users to accept the certificate.
Creating a self-certified certificate
From the Notes client, open the Server Certificate Admin application, and then click Create Key Rings & Certificates.
Click Create Key Ring with Self-Certified Certificate and complete the fields as shown in the following figure.
Then click Create Key Ring with Self-Certified Certificate. Use the values from the following table to complete the fields in the Key ring created with self-signed certificate window shown below the table.
Key ring file name: A file name with the extension .KYR.
Key ring password: At least 12 case-sensitive, alphanumeric characters.
A descriptive name that identifies the server certificate, such as, RiverBend CA.
The name of the organization, for example, a company name such as Acme.
(Optional) Name of certifier division or department.
City or Locality: (Optional) The organization city or locality.
State or Province: Three or more characters that represent the state or province in which the organization resides, for example, Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.)
A two-character representation of your country, for example, US for United States or CA for Canada.
Key ring created with self-signed certificate window
Now copy the key ring file and the stash (.STH) file from your local hard drive to the data directory of the Domino server. Either rename the files to keyfile.kyr and keyfile.sth, or change the key file name in the Web Site documents to match.
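The copy-and-rename step above can be scripted for a Domino server whose data directory is reachable from a POSIX shell. The following is an added example, not part of the original page or of Domino itself; the function name install_keyring and every path shown are assumptions. It checks that the key ring and its stash file travel together, refuses to overwrite an existing keyfile.kyr or keyfile.sth, and restricts both copies to the file owner.

```shell
#!/bin/sh
# Added example (not from the original page). Copies a key ring and its stash
# file into the Domino data directory under the default names keyfile.kyr and
# keyfile.sth. The function name and all paths are assumptions.

install_keyring() {
    src_kyr=$1    # key ring file created in the Notes client
    data_dir=$2   # Domino data directory on the server

    case "$src_kyr" in
        *.kyr|*.KYR) base=${src_kyr%.*} ;;
        *) echo "not a .kyr file: $src_kyr" >&2; return 2 ;;
    esac
    [ -f "$src_kyr" ] || { echo "missing key ring: $src_kyr" >&2; return 3; }

    # The stash file sits beside the key ring and shares its base name.
    if [ -f "$base.sth" ]; then src_sth=$base.sth
    elif [ -f "$base.STH" ]; then src_sth=$base.STH
    else echo "missing stash file for $src_kyr" >&2; return 3
    fi
    [ -d "$data_dir" ] || { echo "no such directory: $data_dir" >&2; return 4; }

    # Never silently replace a key ring the server may already be using.
    if [ -e "$data_dir/keyfile.kyr" ] || [ -e "$data_dir/keyfile.sth" ]; then
        echo "keyfile.kyr or keyfile.sth already exists in $data_dir" >&2
        return 5
    fi

    # The stash file stores the key ring password, so create both copies
    # under a restrictive umask and leave them readable by the owner only.
    (
        umask 077
        cp "$src_kyr" "$data_dir/keyfile.kyr" &&
        cp "$src_sth" "$data_dir/keyfile.sth"
    ) || return 6
    chmod 600 "$data_dir/keyfile.kyr" "$data_dir/keyfile.sth"
}

# Run only when called with two arguments, e.g.:
#   sh install_keyring.sh ./selfcert.kyr /local/notesdata   (assumed paths)
if [ "$#" -eq 2 ]; then
    install_keyring "$1" "$2"
fi
```

Run it as the account that owns the Domino data directory so that the server process can read both files.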
Now configure the server to use SSL for the ports that you want encrypted.