Merging a CA certificate as a trusted root

The server certificate must contain the CA certificate as a trusted root. The trusted root allows servers and clients that have a common CA certificate to communicate. Before you merge a server certificate signed by a CA, merge the CA certificate into your key ring file as a trusted root.

From a Domino CA

About this task

This procedure is the same regardless of whether you are using a Domino® server-based certification authority or a Domino 5 certificate authority.

Procedure

  1. Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.
  2. Browse to the certificate authority application (the Certificate Requests application for a server-based certification authority, and the Domino Certificate Authority for a Domino 5 Certificate Authority) on the Domino CA.
    Note: If you use Microsoft™ Internet Explorer, use HTTP to connect to the application.
  3. Click Accept This Authority in Your Server.
  4. Highlight the certificate text and copy it to the system Clipboard (include the Begin Certificate and End Certificate lines).
  5. From the Domino Administrator, open the Server Certificate Admin application.
  6. Click Install Trusted Root Certificate into Key Ring.
  7. Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.
  8. Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino uses the distinguished name of the certificate.
  9. In the Certificate Source field, choose Clipboard. Paste the Clipboard contents into the next field.
  10. Click Merge Trusted Root Certificate into Key Ring.
  11. Enter the password for the key ring file, and then click OK.

What to do next

Have the CA complete the task "Signing server certificates".

From a third-party CA

About this task

View the default trusted roots in the key ring file to make sure the third-party CA's certificate is not already included. If it is already included, you do not need to complete these steps.

Procedure

  1. Make sure that you requested the server certificate and mapped a drive to the directory that contains the key ring file.
  2. Browse to the Web site of the CA and obtain the CA's trusted root certificate. In most cases, the trusted root certificate is in a file attachment, or the certificate is available for you to copy to the Clipboard.
  3. From the Domino Administrator, open the Server Certificate Admin application.
  4. Click Install Trusted Root Certificate into Key Ring.
  5. Enter the name of the key ring file that will store this certificate. You specified this name when you created the server certificate request.
  6. Enter the name that the key ring file will use to identify this certificate. If you leave this field blank, Domino uses the distinguished name of the certificate.
  7. Do one of the following:
    • If you copied the contents of the CA's certificate to the Clipboard in Step 2, choose Clipboard in the Certificate Source field. Paste the Clipboard contents into the next field.
    • If you received a file that contained the CA's certificate in Step 2, detach the file to your hard drive and select File in the Certificate Source field. Enter the file name in the File name field.
  8. Click Merge Trusted Root Certificate into Key Ring.
  9. Enter the password for the key ring file, and then click OK.

What to do next

Have the CA complete the task "Signing server certificates".
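
A pre-merge check for the certificate text pasted in step 9 of the Domino CA procedure or step 7 of the third-party CA procedure, added here as an example that is not part of the Domino product or its documentation. It confirms that exactly one complete Begin Certificate / End Certificate block is present and that the body is not truncated, then returns a SHA-256 fingerprint to compare with one obtained from the CA through a separate channel. The function names and the sample text are assumptions for illustration; the sample is constructed and is not a real certificate.

```python
import base64
import hashlib
import re

# Constructed sample: a tiny DER SEQUENCE wrapped in PEM armor. It is NOT a real
# certificate; it only stands in for the text copied from the CA's page.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def der_length_ok(der: bytes) -> bool:
    """True if the outer DER SEQUENCE header's length covers the whole payload."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pasted_root(text: str) -> str:
    """Validate pasted certificate text; return the SHA-256 fingerprint of its DER."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one complete PEM block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:              # binascii.Error subclasses ValueError
        raise ValueError("certificate body is not valid base64") from exc
    if not der_length_ok(der):
        raise ValueError("decoded data is truncated or not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


if __name__ == "__main__":
    print(check_pasted_root(SAMPLE_PEM))
```
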