Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install a certificate for Domino

IMPORTANT: all the operations below must be performed with Administrator rights.

The installation procedure is quite meticulous! The installation must be done in the same Key Ring that was used to generate the CSR. If you do not have this Key Ring, you must generate a new CSR with a new Key Ring.
You can also generate a KEYRING with the KYRTool. Read the instructions in our FAQ: Generate a CSR for Domino If your certificate is chained with intermediate certificates (available in the delivery email), you must first install them.
This will give in the order of installation:

  • Root certificate
  • Intermediate certificate 1
  • Intermediate Certificate 2 (if available)
  • Your certificate

Installation of the root and intermediate certificate

Domino software makes no distinction between the root and intermediate certificates. The procedure is therefore the same for both types.

  1. Open the "Domino Server Certificate Administration" and click on "Install Trusted root Certificate into Key Ring"

  2. Complete the following fields:
    • Key Ring File Name : enter the name of the key ring (with the path), used to generate the CSR
    • Certificate Label : enter a name that will be seen when you choose to edit the key ring
    • Certificate source If you choose "File", you will have to provide the path to the root certificate in CRT format. If you choose "Clipboard", you will have to copy and paste the content of the root certificate below
    • Click on "Merge Certificate into Key Ring"

This process will have to be repeated for each intermediate certificate also

Installation of the certificate

  1. Click on "Install Certificate Into Key Ring"
  2. Complete the following fields:
    • Key Ring File Name : enter the name of the key ring (with the path), used to generate the CSR
    • Certificate Source If you choose "File", you will have to provide the path to the certificate in CRT format. If you choose "Clipboard", you will have to copy and paste the content of the certificate below
    • Click on "Merge Certificate into Key Ring"

Your certificate is now installed.

If a root or an intermediate certificate is missing or if you did not install them in the correct order you may encounter this error Could not find issuer . At this point, repeat step 1.

To activate SSL on your web server, do not forget to place the .STH and .KYR files in the DATA repertory.

To reload the server configuration (with no interruption of service), enter tell http refresh in the console. If after that, the certificate is still not presented by the server, go to the Admin console and in the server tasks, restart the "Router" and "HTTP" services.

Useful links

Third-party Documentation: