Setting up SSL on AUT servers

IBM Notes clients connect to AUT servers over secure HTTPS connections. Before you configure AUT servers, complete this procedure to create an SSL certificate on AUT servers.

About this task

To create an SSL certificate on AUT servers, generate an SSL SHA-2 certificate in a keyring file, deploy the keyring file on the AUT servers, and import the certificate into the Domino directory of the AUT servers. For more details, on generating and deploying the keyring file (steps 1 - 6), see the following article Generating a keyring file with a third party CA SHA-2 cert using OpenSSL and KYRTool on a Windows workstation .

Procedure

  1. Set up the Server Certificate Admin application, (CERTSRV.NSF), which Domino® creates automatically during server setup.
  2. Create a server key ring file to store the server certificate.
  3. Request an SSL server certificate from the CA.
  4. Merge the CA certificate as a trusted root into the server key ring file.
  5. The CA approves the request for a server certificate and sends notification that you can pick up the certificate.
  6. Merge the approved server certificate into the key ring file.
  7. Copy the keyring file to the data directory of each AUT server.
  8. Import the certificate into the Domino directory:
    1. Copy the Internet certificate file to your Domino Administrator client computer.
    2. From the Domino Administrator, click the People & Groups tab and the Certificates view.
    3. Click Actions > Import Internet Certificates.
    4. Browse for and open the local certificate file.
    5. Verify that the certificate is selected in the Open Internet Certificates box and then click Accept All.
    6. Click View > Refresh and verify that the new certificate is now displayed in the Certificates view of the Domino Directory.

What to do next

Next, create a Configuration document in the Domino directory for AUT servers.