After installing Lotus Foundations, the only way to access my email externally via the browser was using port 4443. I found this annoying as some of my clients had this port closed. So, I created a fast-forward entry from external port 443 to internal port 4443 and voula! I was able to access my email using https with no problems. I am still able to access the webconfig as well. Then, tired of getting the IE SSL certification alert, I bought a certificate from Comodo (InstantSSL) and installed it on Domino using the instructions provided in this
It really works well. I access my public web site hosted in php/html and my internal databases via port https. Do not attempt to do the same for port 80! It does not work!
Creating SSL Certificate for Lotus Domino
This information can be downloaded from docshare website:
STEP 1. Open/Create Server Certificate Administration database
Open the database Server Certificate Administration database. If the database does not exists in your server, proceed to create it from the template called “csrv50.ntf”.
Tip: You need to open the database from the Lotus Notes client. The files generated can be temporally created in your local machine, once it is all created, you can move the keyring file back to the server.
STEP 2. Create Key Ring
Click on the Create Key Ring and fill out the fields as per the request. Before you start, make sure your company name appears in the Whois (www.who.is) otherwise, Comodo will reject it and you will need to fix it prior to requesting the SSL.
Tip: Remember the password you selected. WRITE IT DOWN as you will use several times and in the future.
STEP 3. Create Server Certificate Request
Click on the 2. Create Certificate Request. This is the mechanism used to send your private key information to the Comodo so they can issue the certificate. Proceed to fill out the form and copy and paste as per the instructions in the dialog box.
Step 4. Paste your Certificate Request into Comodo Certificate Options.
Presumably, you have already signed up and paid for a certificate. If that is the case, you will have access to www.instantssl.com and will be able to paste the certificate request into the Comodo for their validation. Once you paste the text. Click OK. Comodo might take one day to validate and process your order.
Step 5. Wait for the email notification and download.
You will receive an email notification when Comodo completed the validation. The email notification will contain a ZIP file and the Comodo SSL EV Text certificate. Download the ZIP file and decompress it to extract all certificates.
Tip: place the CRT files in an easy path to remember as you will need it later (i.e. C:\CRTs)
See sample after files were unzipped.
Step 6. Install the ExternalCARoot.crt
From the main menu Select 3. Installed Trusted Root Certificate into Keyring. Type the path of the file and then click on the button to merge. You will see a dialog box as shown below.
Tip: You need to install CRT file first. If attempt to do any of the other ones, you will get an error. Always install the certificates in this order:
Repeat the same process but now grab C:\CRTS\UTNAddTrustSGCCA.crt
Repeat the same process but now grab C:\CRT\ComodoUTNSGCCA.crt
Repeat the same process but now grab C:\CRT\ComodoHighAssuranceSecureServerCA.crt
Step 7. Install your domain_ca.crt
Finally select the option 4. Install Certificate into Key Ring . Select the file and proceed to install it. You will get a warning message, skip it by clicking Ok. You will get confirmation message that you can now enabled SSL in your website!
Step 8. Move the Keyrings to the domino\data folder
The last step is to copy the keyring.kyr and keyring.sht into the Server Domino\Data folder. If there is an existing keyring file, remove them and replace them with the new one. To test if the server is reading the key file, type this command:
Tell HTTP Show Security
You will see what keyring file is using!
You need to restart the HTTP task by issuing the following command:
Tell HTTP refresh.