Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Generate a CSR for Domino

The generation of a CSR for Domino requires the creation of a "Key Ring" internal to the Domino application. Therefore, it is not recommended to use our Keybot tool when generating the CSR. The documentation below is here to guide you step by step to generate a CSR with Domino.

NEW: it is no longer mandatory to use the Domino server application to create a KEYRING. If you have used our Keybot tool or OpenSSL to generate your private key, you can create a KEYRING with the tool KYRTool.
To know how to proceed, follow the instructions available here : Official documentation

IMPORTANT: all the operations below must be performed with Administrator rights.

Creation of Key Ring

  1. From the Notes client, open the "Server Certificate Admin" application on the server on which you want to enable SSL

  2. Click on "Create Key Ring"

  3. Complete the following fields:

    • Key Ring File Name : enter the name of the Key Ring file. By default, this name is "keyfile.kyr"
    • Key Ring Password : choose a password for the Key Ring
    • Key Size : choose the length of the key. The recommended size is 2048-bit.
    • Common Name : enter the FQDN name of the server. For example www.mydomain.com
    • Organization : enter the name of your organization. For example the name of your company.
    • Organization Unit (optional field): enter the name of your company's division
    • City or Locality: enter the name of the city where your company is located.
    • State or Province : enter the full name of your state/province where your company is located
    • Country : Enter the first two characters of the country where the company resides. For example US

  4. Click on "Create Key Ring"

  5. After verifying the Key Ring information, click "OK. The Notes client will create the Key Ring file and a .STH file. These files will be placed in the "data" folder on the computer where the Notes client was run.

  6. Copy these two files to the "data" folder on the Domino server

Génération of CSR

  1. From the Notes client, open the "Server Certificate Admin" application on the server on which you want to enable SSL

  2. Click on "Create Certificate Request"

  3. Complete the following fields:

    • Key Ring File name : enter the name of the key ring file including the path
    • Log Certificate Request : choose option 1 to log the information into the application. Otherwise choose option 2
    • Method : choose option "1. Paste into form on CA's site (recommended)"

  4. Click on "Create Certificate Request."

  5. Enter the key ring password

  6. Copy and paste the CSR (including the lines "BEGIN CERTIFICATE" and "END CERTIFICATE") in the Order form

Useful links