Generating a keyring file with a self-signed or third-party certificate
To set up TLS on your server, you need a server certificate from an Internet certificate authority.
You can use a self-signed certificate or one from a third-party certificate authority (CA). A server certificate is a binary file that uniquely identifies the server. The server certificate is stored on the server's hard drive and contains a public key, a name, an expiration date, and a digital signature. The key ring also contains root certificates used by the server to make trust decisions.
However, you can still use use OpenSSL (available on the Internet) and KYRTool (installed with Domino) to generate a keyring file for Domino servers to use. For instructions, see the article How to set up SSL using a third-party Certificate Authority (CA) on the HCL Software Support site.