Creating SSL Certificate for Lotus Domino

STEP 1. Open/Create Server Certificate Administration database

Open the database Server Certificate Administration database.  If the database does not exists in your server, proceed to create it from the template called “csrv50.ntf”.

Tip: You need to open the database from the Lotus Notes client. The files generated can be temporally created in your local machine, once it is all created, you can move the keyring file back to the server.

STEP 2. Create Key Ring

Click on the Create Key Ring and fill out the fields as per the request.  Before you start, make sure your company name appears in the Whois (www.who.is) otherwise, Comodo will reject it and you will need to fix it prior to requesting the SSL.

Tip: Remember the password you selected. WRITE IT DOWN as you will use several times and in the future.

STEP 3. Create Server Certificate Request

Click on the 2. Create Certificate Request. This is the mechanism used to send your private key information to the Comodo so they can issue the certificate.  Proceed to fill out the form and copy and paste as per the instructions in the dialog box.

Step 4. Paste your Certificate Request into Comodo Certificate Options.

Presumably, you have already signed up and paid for a certificate. If that is the case, you will have access to www.instantssl.com and will be able to paste the certificate request into the Comodo for their validation.  Once you paste the text. Click OK. Comodo might take one day to validate and process your order.

Step 5. Wait for the email notification and download.

You will receive an email notification when Comodo completed the validation. The email notification will contain a ZIP file and the Comodo SSL EV Text certificate. Download the ZIP file and decompress it to extract all certificates.

Tip: place the CRT files in an easy path to remember as you will need it later (i.e. C:\CRTs)

See sample after files were unzipped.

Step 6. Install the ExternalCARoot.crt

From the main menu Select 3. Installed Trusted Root Certificate into Keyring.  Type the path of the file and then click on the button to merge. You will see a dialog box as shown below.

Tip: You need to install CRT file first. If attempt to do any of the other ones, you will get an error. Always install the certificates in this order:

Repeat the same process  but now grab C:\CRTS\UTNAddTrustSGCCA.crt

Repeat the same process  but now grab C:\CRT\ComodoUTNSGCCA.crt

Repeat the same process  but now grab C:\CRT\ComodoHighAssuranceSecureServerCA.crt

Step 7. Install your domain_ca.crt

Finally select the option 4. Install Certificate into Key Ring  . Select the file and proceed to install it. You will get a warning message, skip it by clicking Ok. You will get confirmation message that you can now enabled SSL in your website!

Step 8. Move the Keyrings to the domino\data folder

The last step is to copy the keyring.kyr and keyring.sht  into the Server Domino\Data folder.  If there is an existing keyring file, remove them and replace them with the new one.  To test if the server is reading the key file, type this command:

Tell HTTP Show Security 

You will see what keyring file is using!

 You need to restart the HTTP task by issuing the following command:

Tell HTTP refresh.