Ask a Question

Advanced Search

Alert ID : INFO287

Last Modified : 04/23/2019

Managed PKI for SSL - Installation Instructions for Lotus Domino 5.x


This document provides instructions for installing SSL Certificates.  If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Domino R5.

Step 1: Download the Root and Intermediate CA Certificate

         NOTE: Ensure that the correct Root and Intermediate CA certificate has been selected for your SSL product.
         To check which certificate type you have purchased, follow the steps from this link
  1. Download the Root CA certificate from this link.
  2. Select the Root CA for your SSL Certificate under the Managed PKI for SSL section.
  3. Copy the file to your clipboarf and save it as TrustedRoot.txt.
  4. Download the Intermediate CA certificate from this link.
  5. Click on the Managed PKI for SSL tab.
  6. Select the appropriate Intermediate CA certificate for your SSL Certificate type.
  7. Copy the intermediate certificate to your clipboard.
  8. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  9. Save the file as Intermediate.txt.

Step 2: Install the Root and Intermediate CA Certificate

  1. Open the Server Certificate Admin database and click "View & Edit Key Rings".
  2. Click "Select Key Ring to Display" and enter your server's key ring file.
  3. Click "Create Key Rings & Certificates" option in the Server Certificate Admin database.
  4. Click "Install Trusted Root Certificate into Key Ring".
  5. Enter the server's key ring file name in the Key Ring Information section.
  6. In the "Certificate Label" field enter the name of the Root CA.
  7. Return to the Domino Server Certificate Admin document. Paste the TrustedRoot.txt into the "Certificate from Clipboard" area.
  8. Click the "Merge Trusted Root Certificate into Key Ring" button.  This adds the certificate to your key ring.
  9. Repeat the steps to install the Intermediate.txt.

Step 3: Obtain the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with
    the Certificate. 
  2. Copy the certificate, imbedded in the body of the email and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters.
    Confirm that there are no extra lines or spaces in the file.

    The text file should look like:


              [encoded data]

    -----END CERTIFICATE-----

    NOTE: Click here to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
  3. Save the file as SSL.txt 

Step 4: Install the SSL Certificate

  1. In Notes, from the administration panel, click System Databases and choose Open Domino Server Certificate Administration (CERTSRV.NSF) on the local machine.
  2. Click Install Certificate into Key Ring.
  3. Enter the file name for the key ring that will store this certificate. The key ring file was created when you created the server certificate request.
  4. Choose one of the following options.
  5. If you copied the contents of the certificate to the clipboard in Step 1, select Clipboard in the "Certificate Source" field. Paste the clipboard contents into the next field.
    If you received a file that contained your certificate in Step 1, detach the file to your hard drive and select File in the "Certificate Source" field. Enter the file name in the File name field.
  6. Click "Merge Certificate into Key Ring".
  7. Enter the password for the server key ring file and click OK to approve the merge.
  8. To verify if your certificate is installed correctly, use the DigiCert Installation Checker

Lotus Domino R5.x
          For more information, see the Lotus Support Center.