Creating a self-certified certificate to test TLS certification

You can create a self-certified certificate to test the certificate procedure at your organization. Because this certificate is not certified by a CA, use it only for testing purposes.

About this task

Note: This procedure describes steps used in Domino 11 and earlier versions. As of Domino 12, use of Certificate Manager and Certificate Store (certstore.nsf) is the preferred method for generating and managing certificates. For more information, see Managing TLS certificates with Certificate Manager.

Procedure

  1. From the HCL Notes® client, open the Server Certificate Admin application, and then click Create Key Rings & Certificates.
  2. Click Create Key Ring with Self-Certified Certificate.
  3. Complete these fields, and then click Create Key Ring with Self-Certified Certificate:
    Table 1. Key ring with self-certified certificate fields

    | Field | Enter |
    |---|---|
    | Key ring file name | A file name with the extension .KYR. |
    | Key ring password | At least 12 case-sensitive, alphanumeric characters. |
    | Common name | A descriptive name that identifies the server certificate, such as Renovations TLSCA. |
    | Organization | The name of the organization, for example a company name such as Renovations. |
    | Organizational Unit | Name of certifier division or department. |
    | City or Locality | The organization city or locality. |
    | State or Province | Three or more characters that represent the state or province in which the organization resides, for example Massachusetts. (For U.S. states, enter the complete state name, not the abbreviation.) |
    | Country | A two-character representation of the country in which the organization resides, for example US for United States or CA for Canada. |

  4. Copy the key ring file and stash (.STH) file to the HCL Domino® data directory of the server.
  5. Configure the port for TLS.
  6. Set up database access.
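
After the port is configured, it is useful to confirm which certificate the server presents, and to check that a test certificate of this kind is not in use on a production host. The following is an added example, not part of the HCL documentation or product: it compares the issuer and subject names of a DER-encoded certificate, which match for a self-certified certificate (it does not verify the signature). All function names are assumptions, and the sample data is a constructed skeleton rather than a real certificate.

```python
import ssl

def _read(buf, pos):
    """Parse one DER element at pos; return (tag, content_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names from an X.509 certificate."""
    _, pos, _ = _read(der, 0)               # Certificate ::= SEQUENCE
    _, pos, _ = _read(der, pos)             # tbsCertificate ::= SEQUENCE
    tag, _, end = _read(der, pos)
    if tag == 0xA0:                         # skip the optional [0] version field
        pos = end
    fields = []
    for _ in range(5):                      # serial, signature alg, issuer, validity, subject
        _, _, end = _read(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def is_self_issued(der):
    """True when issuer == subject, as in a self-certified certificate."""
    issuer, subject = issuer_and_subject(der)
    return issuer == subject

def fetch_der(host, port=443):
    """Fetch the server's certificate without validating it (needed for test certs)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

# --- Constructed sample data: a structural skeleton, not a real signed certificate ---
def _enc(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def _name(cn):
    attr = _enc(0x30, _enc(0x06, b"\x55\x04\x03") + _enc(0x0C, cn.encode()))  # CN attribute
    return _enc(0x30, _enc(0x31, attr))

def _skeleton(issuer_cn, subject_cn):
    tbs = (_enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01") + _enc(0x30, b"")
           + _name(issuer_cn) + _enc(0x30, b"") + _name(subject_cn))
    return _enc(0x30, _enc(0x30, tbs))
SELF_CERTIFIED = _skeleton("Renovations TLSCA", "Renovations TLSCA")
CA_ISSUED = _skeleton("Example Test CA", "Renovations TLSCA")
```

Against a live server, `is_self_issued(fetch_der(host))` performs the same check, where `host` is the name of your own test server.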