Generating a keyring file with a self-signed or third-party certificate

To set up SSL on your server, you need a key ring containing a server certificate from an Internet certificate authority.

You can use a self-signed certificate or one from a third-party certificate authority (CA). A server certificate is a binary file that uniquely identifies the server. The server certificate is stored on the server's hard drive and contains a public key, a name, an expiration date, and a digital signature. The key ring also contains root certificates used by the server to make trust decisions.

Use OpenSSL (available on the Internet) and KYRTool (installed with Domino) to generate a keyring file for Domino servers to use. For instructions, see the article Generating a keyring file for Domino on the HCL Software Support site.