Enabling SSL is a three step process:
1. Create the Key Ring with a Self Signed Certificate
2. Copy the Key Ring and Stash file to the data directory
3. Configure SSL on the server
CREATE THE KEY RING WITH A SELF SIGNED CERTIFICATE
If not already running, open the Admin client by clicking on the IBM Domino Admin shortcut on
the desktop. Enter in the password for Domino Admin
which is apassw0rd
Click on the menu item File-->Application-->Open
and choose domino/demos
as the server
and choose Server Certificate Admin
as the application to open.
Since this is a training environment we will not purchase a Trusted Root Certificate from a third
party provider and we will not install that into the Key Ring for our server. What we will do is
create a key ring and install a self signed certificate. Close the About
document. Click on the
Create Key Ring with Self Signed-Certificate.
Fill out the form as follows: use passw0rd
for the key ring password
. The Common Name
and the Organization
. Use WORK
for the State
for the Country
Click the Create Key Ring with Self-signed Certificate
button at the bottom.
The next window you should see is the confirmation that the keyring has been created. Now
Using Windows File Explorer, navigate to the c:\Program Files(x86)\IBM\Notes\data
and copy the two files selfcert.kyr
Now browse to the Domino data directory located at c:\Program Files\IBM\Domino\data
paste the files into that directory. Close file explorer when done.
Now click the Demos-Domain
tab and the select Configuration-->Server
and open the server
document. Click on the Ports
Click on the Internet Ports
tab and click on Edit Server
. Change the field SSL Key File name
. Then at the bottom of the page find the SSL port status
field and set that to
. Then click Save and Close.
Open the Domino console and issue the command restart server.
The server will pick up the
changes on restart.
At this point, SSL has been configured so that the Domino server can use encryption for http sessions between
itself and all clients.
Applying the FP3 for domino 9 to support SSL3.0 or TLS, if not the latest version broswers(Chrome,firefox) can not access the website of domino which enabled SSL using this method.