Merging a CA certificate as a trusted root
The server certificate must contain the CA certificate as a trusted root. The trusted root allows servers and clients that have a common CA certificate to communicate. Before you merge a server certificate signed by a CA, merge the CA certificate into your key ring file as a trusted root.
From a Domino® CA
About this task
Procedure
- Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.
- Browse to the certificate authority application (the Certificate
Requests application for a server-based certification authority, and
the Domino® Certificate Authority
for a Domino® 5 Certificate
Authority) on the Domino® CA.
Note: If you use Microsoft™ Internet Explorer, use HTTP to connect to the application.
- Click Accept This Authority in Your Server.
- Highlight the certificate text and copy it to the system Clipboard (include the Begin Certificate and End Certificate lines).
- From the Domino® Administrator, open the Server Certificate Admin application.
- Click Install Trusted Root Certificate into Key Ring.
- Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.
- Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino® uses the distinguished name of the certificate.
- In the Certificate Source field, choose Clipboard. Paste the Clipboard contents into the next field.
- Click Merge Trusted Root Certificate into Key Ring.
- Enter the password for the key ring file, and then click OK.
What to do next
From a third-party CA
About this task
View the default trusted roots in the key ring file to make sure the third-party CA's certificate is not already included. If it is already included, you do not need to complete these steps.
Procedure
- Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.
- Browse to the Web site of the CA and obtain the CA's trusted root certificate. In most cases, the trusted root certificate is in a file attachment, or the certificate is available for you to copy to the Clipboard.
- From the Domino® Administrator, open the Server Certificate Admin application.
- Click Install Trusted Root Certificate into Key Ring.
- Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.
- Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino® uses the distinguished name of the certificate.
- Do one of the following:
- If you copied the contents of the CA's certificate to the Clipboard in Step 2, choose Clipboard in the Certificate Source field. Paste the Clipboard contents into the next field.
- If you received a file that contained the CA's certificate in Step 2, detach the file to your hard drive and select File in the Certificate Source field. Enter the file name in the File name field.
- Click Merge Trusted Root Certificate into Key Ring.
- Enter the password for the key ring file, and then click OK.