How to upgrade IBM Domino to use TLS instead of SSLv2/v3? Firefox glitch

Posted: 18 March 2015 in Tutorials and guides

Register Internet Certifier
1. Launch the Domino Administrator client.
2. Configuration > Tools > Registration > Internet Certifier.
3. Select "I want to register a new Internet certifier that uses the CA process."
4. Create Certifier Name.
5. Fill in the fields. The only mandatory one is Common Name (usually the Company Name goes here). OU, State and Country are optional, but remember that Country is a 2-character code (e.g. PL).
6. Choose the Issued Certificate List database and modify its location if you wish, e.g. cert\MyCA.nsf.
7. Under "Encrypt Certifier ID with", choose "Encrypt ID with Server ID" and "Require password to activate certifier".

> load ca
> tell adminp process all
> tell ca refresh
> tell ca activate
> tell ca stat

Create Certificate Request
1. File > Database > New.
2. Fill in the Title and Filename, e.g. “CertReqz” and “CertR.nsf”.
3. Show Advanced Templates and choose “Certificate Requests (6)”, i.e. certreq.ntf.
4. Remember, the template cannot be Local; it must come from the server.
5. Open the database, fill in the form and choose the options, such as the Automatic Transfer Server.

Create Key Ring file
1. In the Certificate Requests database, choose “Domino Key Ring Management”.
2. Create Key Ring.
3. Enter the name and filename (*.kyr), password and key size (at least 1024).
4. Fill Server Common Name (FQDN of the mail server!), OU, State and Country.
5. Create Key Ring.
6. Return to CertReqz and go to Pending/Submitted Requests and refresh it (F9).
7. Click Submit Selected Requests if the request is still Pending Submission.
8. Open Admin4.nsf and CA Request/Cert Request – find your request.
9. Edit it and Approve.
10. Go to the Administrator's mail file and locate the message “Your certificate request has been approved”. Copy the pickup ID to the clipboard.
11. In CertReqz choose “Domino Key Ring Management” > “Pickup Key Ring Certificate”.
12. Paste the pickup ID, enter password.
13. Merge Signed Certificate.
14. Copy the *.kyr and *.sth files to the server data directory, e.g. disk:\domino\lotus\data.
15. If SSL is already configured, then only change the kyr location.
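
A post-install check for the procedure above, as an added example that is not part of the original post: it connects to the server, validates the chain against the internal CA, and confirms that a TLS protocol was negotiated and that the certificate carries the server FQDN. The host name mail.example.com and the PEM export of the CA certificate passed as ca_pem are assumptions.

```python
import socket
import ssl

def common_name(cert):
    """Return the subject CN from a dict shaped like SSLSocket.getpeercert()."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def review(protocol, cert, fqdn):
    """List problems with a negotiated protocol and peer certificate."""
    problems = []
    if not (protocol or "").startswith("TLS"):
        problems.append(f"server negotiated {protocol}, expected TLS")
    cn = common_name(cert)
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names = {n.lower() for n in sans + ([cn] if cn else [])}
    # Exact match only; wildcard names are out of scope for this check.
    if fqdn.lower() not in names:
        problems.append(f"certificate names {sorted(names)} do not include {fqdn}")
    return problems

def probe(fqdn, port, ca_pem):
    """Connect, validate the chain against ca_pem, return (protocol, cert)."""
    ctx = ssl.create_default_context(cafile=ca_pem)
    # Name matching is done in review(): Python's built-in check reads only
    # subjectAltName and rejects a certificate that carries just a Common Name.
    ctx.check_hostname = False
    with socket.create_connection((fqdn, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            return tls.version(), tls.getpeercert()

# Constructed sample in the shape getpeercert() returns (not real server output).
SAMPLE_CERT = {
    "subject": ((("countryName", "PL"),), (("commonName", "mail.example.com"),)),
    "issuer": ((("commonName", "MyCA"),),),
}

if __name__ == "__main__":
    print(review("TLSv1.2", SAMPLE_CERT, "mail.example.com"))
    print(review("SSLv3", SAMPLE_CERT, "smtp.example.com"))
```

Against a live server, call `review(*probe(fqdn, 443, ca_pem), fqdn)`; a handshake error raised by `probe` is itself a finding, since current Python builds do not offer SSLv2/v3.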

