Generating a keyring file with a self-signed or third-party certificate

To set up TLS on your server, you need a server certificate from an Internet certificate authority.

Note: This topic describes the procedure used in Domino 11 and earlier versions. As of Domino 12, using Certificate Manager and the Certificate Store (certstore.nsf) is the preferred method for generating and managing certificates. For more information, see Managing TLS certificates with Certificate Manager.

You can use a self-signed certificate or one from a third-party certificate authority (CA). A server certificate is a binary file that uniquely identifies the server. The server certificate is stored on the server's hard drive and contains a public key, a name, an expiration date, and a digital signature. The key ring also contains root certificates used by the server to make trust decisions.

However, you can still use OpenSSL (available on the Internet) and KYRTool (installed with Domino) to generate a keyring file for Domino servers to use. For instructions, see the article How to set up SSL using a third-party Certificate Authority (CA) on the HCL Software Support site.