Setting up SSL on a Domino server
Set up SSL on a Domino server so that clients and servers that connect to the server use SSL to ensure privacy and authentication on the network. You set up SSL on a protocol-by-protocol basis. For example, you can enable SSL for mail protocols -- such as IMAP, POP3, and SMTP -- and not for other protocols.

To set up SSL on your server, you need a key ring containing a server certificate from an Internet certificate authority. You can request and obtain a server certificate from either a Domino or third-party certificate authority (CA) and then install it in a key ring. A server certificate is a binary file that uniquely identifies the server. The server certificate is stored on the server's hard drive and contains a public key, a name, an expiration date, and a digital signature. The key ring also contains root certificates used by the server to make trust decisions.

This topic describes the process to follow if you need to set up SSL on a Domino server that is not already a Domino certificate authority server. You complete the setup process regardless of whether you request a server certificate from a Domino or third-party CA.

Note: You can enable SSL on a server when you register the server if you already have a Domino server-based certification authority running in the Domino domain.

For more information about enabling SSL on a server at server registration, see the topic Registering a server.

To set up SSL on a Domino server

1. Set up the Server Certificate Admin application (CERTSRV.NSF), which Domino creates automatically during server setup.

2. Create a server key ring file to store the server certificate.

3. Request an SSL server certificate from the CA.

4. Merge the CA certificate as a trusted root into the server key ring file.

5. The CA approves the request for a server certificate and sends notification that you can pick up the certificate.

6. Merge the approved server certificate into the key ring file.

7. Configure the port for SSL.

8. If you are using client authentication, add the client's name to database ACLs and access lists for design elements.

