Articles in Root

Share Via Email

How do I generate a CSR on Lotus Domino 8.0 and lower?

Problem

How do I generate a CSR on Lotus Domino 8.0 and lower?

Solution

With older versions of IBM Lotus Domino, your SSL certificate will have to be installed under our QuoVadis Root Certification Authority. This is due to a key size issue known by IBM with our QuoVadis Root CA 2 certificate. The SSL certificate will install correctly, however you can only apply for a business 1 year SSL. EV SSL is also not available.  This problem is fixed in IBM Lotus Domino version 8.1 and above.

  1. First you must open the Domino Server Certificate Administration (certsrv.nsf).  You can do this by clicking on System Databases in the administration panel.  Once there, choose the option, open Domino Server Certificate Administration.
  2. The Server Certificate Administration will appear.  Click on the 1. Create Key Ring link.
  3. In the Key Ring File Name field, enter in a name and location for your key ring.  Your key ring is the file that will hold all of the certificates.
  4. In the Key Ring Password field, enter in a password for the key ring you will create.  Enter in this same password in the Password Verify field.
  5. In the Key Size field, select 1024 from the drop down list.
    Note: Due to the key size, you can only apply for a 1 year business SSL certificate.  If you wish to obtain either a 2 year or 3 year business SSL certificate, or an EV SSL certificate, then you must upgrade your IBM Lotus Domino server to version 8.1 or greater.

  6. Enter in the fields using the following table as a guide:
    Common Name: This will be the Common Name on the certificate.  The Common Name is the Host + Domain Name.  It looks like secure.example.com or example.com.

    Organization: The legal name of your organization.

    Organizational Unit: This optional field is the name of the department or other group making the request.

    City or Locality: The locality field is the city or town name, for example: Hamilton or London.

    State or Province: Spell out the state completely; do not abbreviate the parish, state or province name, for example: Pembroke or Arizona.

    Country: Use the two-letter code of your country without punctuation, for example: BM, GB or CH.

  7. Click on the Create Key Ring button. You will now get confirmation that the key ring has been created.
  8. In the confirmation window, click on the OK button to return you to the main menu.  From here, click on the 2. Create Certificate Request link.
  9. Select the Paste into form on CA's site option.
  10. Click on the Create Certificate Request button.
  11. The Certificate Request Created window will appear.  Copy all of the contents in the CSR text box, including the BEGIN and END tags.
  12. Submit the CSR to QuoVadis.

Legal


DigiCert is the world’s premier provider of high-assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs.

© 2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.