How to configure Domino CA to support SSL

Source: Internet
Author: User

(1) Configure the certificate authority (CA) server
1. Create the certificate authority database
1) In the menu, click "File" -- "Database" -- "New".
2) Server: select the certificate authority server
Template server: select the certificate authority server
Template: click "Show advanced templates" and select the "Domino R5 Certificate Authority" template (cca50.ntf)
Database name: certca.nsf (this name must be used in R4.6x)

3) Click "OK".
2. Configure the certificate authority database
1) Open the certificate authority database and click "Certificate authority configuration" on the left.
2) On the right, click "Create certificate authority key file and certificate". Key file information:
Key File Name: name of the file that stores the certificate authority key and certificate, relative to the data directory of the Administrator client. If the file is placed in another directory, enter the absolute path. The default value is cakey.kyr.
Key File Password: at least six characters are recommended
Password verification: re-enter the password
File Size:
Key size: 512 or 1024
Distinguished name: provides a unique identifier for the certificate authority, including:
Common Name: name of the certificate authority, such as cyber ca
Organization: company name, such as cyber
State/province: at least three characters, such as Beijing
Country: two-character country code, such as CN
Click "Create certificate authority key file". A window is displayed showing the certificate authority information. Click "OK".

3) Click "" on the right to configure related options, and click "Save and close".

4) On the right, click "Create server key file and certificate".
Server key file information:

Key File Name: name of the file that stores the server key and certificate, relative to the data directory of the Administrator client. If the file is placed in another directory, enter the absolute path. The default value is keyfile.kyr.
Key File Password: at least six characters are recommended
Password verification: re-enter the password

File Size:
Key size: choose 512
Certificate authority certificate ID: enter the certificate authority name, such as cyber ca

Server distinguished name: provides a unique identifier for your site, including:

Common Name: server name, for example www.cyber.com
Organization: company name, such as cyber
State/province: at least three characters, such as Beijing
Country: two-character country code, such as CN

Click the "Create server key file" button, enter the password of the certificate authority key file, and click "OK".
A window is displayed showing the server key file information. Click "OK".

(2) Configure the Server document of the certificate authority server
1. Open the Public Address Book, select the "Server" subview under the "Server" view, and edit the document of the CA server.
2. Click the tabs "Port" -- "Internet port" -- "Web".

SSL Key File Name: enter the name of the CA server's key file, relative to the data directory of the server. If the file is placed in another directory, enter the absolute path. The default value is keyfile.kyr.
SSL port: 443
SSL port status: Enabled
Authentication options: select the authentication methods you need (client certificate, name and password, anonymous)

3. Restart the server for the changes to take effect.
4. Start the HTTP server task.

(3) Configure the server certificate administration database and request a certificate from the CA server for the web server
Note: this database is generated automatically by the system. If your web server and the CA server are the same Domino server, the web server uses the CA server certificate and you do not need to perform this step.
1. Open the server certificate administration database (certsrv.nsf) on the server, and click "Create key file and certificate" on the left.
2. Click "Create key file" on the right. The process is the same as for "Create certificate authority key file and certificate".
3. Click "Create certificate request" on the right.

Confirm the key file name.
Select the request method. There are two: paste into the CA site, or send to the CA by e-mail. The steps below use the first method.
Click "Create certificate request", enter the password of the server's key file, and click "OK".
In the certificate request window that follows, copy all the characters in the section below to the clipboard and click "OK".

4. Submit the certificate request

Start the browser and enter http://caservername/certca.nsf, where caservername is the name of your CA server.
Click "Request server certificate" on the left, enter the contact information on the right, paste the clipboard contents from the previous step into the field below, and click "Submit certificate request".

5. Extract the certificate authority certificate to use as the trusted root certificate

Start the browser and enter http://caservername/certca.nsf, where caservername is the name of your CA server.
Click "Accept this authority in your server" on the left, and on the right of the screen copy the bottom section to the clipboard.

6. Install the certificate authority certificate in the server key file as the trusted root certificate
1) Open the server certificate administration database (certsrv.nsf) on the server, and click "Create key file and certificate" on the left.
2) Click "Install trusted root certificate in the key file" on the right.

Confirm the key file name.
Certificate ID: enter the certificate authority name, such as cyber ca
Certificate Source: select "Clipboard"
Paste the clipboard contents from the previous step into the field below and click "Merge trusted root certificates into the server key file".
Enter the certificate authority password and click "OK".
Review the merge information and click "OK".
Click OK.

7. The CA administrator approves the certificate request
1) Open the certificate authority database and click the "Server certificate request" view on the left.
2) The certificate request document submitted by the web server appears on the right.

Adjust the validity period, note down the extraction ID, and click "Agree".
Enter the certificate authority password and click "OK".
Enter the host name of the site and click "OK".

8. Extract the server certificate

Start the browser and enter http://caservername/certca.nsf, where caservername is the name of your CA server.
Click "Extract server certificate" on the left, enter the extraction ID you noted down on the right, and click "Extract signed certificate".
Copy all the characters in the section below to the clipboard.

9. Install the signed certificate in the server key file
1) Open the server certificate administration database (certsrv.nsf) on the server, and click "Create key file and certificate" on the left.
2) Click "Install certificate in key file" on the right.

Confirm the key file name.
Certificate Source: select "Clipboard"
Paste the clipboard contents from the previous step into the field below and click "Merge certificate into server key file".
Enter the certificate authority password and click "OK".
Review the merge information and click "OK".
Click OK.

10. Configure the Server document of the web server
1) Open the Public Address Book, select the "Server" subview under the "Server" view, and edit the document of the web server.
2) Click the tabs "Port" -- "Internet port" -- "Web".

SSL Key File Name: enter the name of the web server's key file, relative to the data directory of the server. If the file is placed in another directory, enter the absolute path. The default value is keyfile.kyr.
SSL port: 443
SSL port status: Enabled
Authentication options: select the authentication methods you need (client certificate, name and password, anonymous)

3) Restart the server for the changes to take effect.
4) Start the HTTP server task.

(4) Configure the browser to request a certificate from the CA server
1. Make the browser trust the certificate authority

Start the browser and enter http://caservername/certca.nsf, where caservername is the name of your CA server.
Click "Accept this authority in your browser" on the left, and click "Accept this authority in your browser" in the window on the right.
Click "Next" five times in a row, enter the certificate authority name, such as cyber ca, and click "Finish".

2. Submit a certificate request from the browser

Start the browser and enter http://caservername/certca.nsf, where caservername is the name of your CA server.
Click "Request client certificate" on the left, enter the certificate information and contact information in the window on the right, set the encryption key length to 512, and click "Submit certificate request".
In the private key generation window, click "OK".
Set the Communicator password and click "OK".

3. The CA administrator approves the certificate request
1) Open the certificate authority database and click the "Client certificate request" view on the left.
2) The certificate request document submitted by the client appears on the right. Open this document.

Select the option to register the certificate in the Public Address Book.
User name: select the user of the certificate from the address book
Adjust the validity period, note down the extraction ID, and click "Agree".
Enter the certificate authority password and click "OK".

4. Extract the client certificate

Start the browser and enter http://caservername/certca.nsf, where caservername is the name of your CA server.
Click "Extract client certificate" on the left, enter the extraction ID you noted down on the right, and click "Extract signed certificate".
Click "Accept certificate".

5. (Optional) If you are using a third-party CA, click "Register client certificate" on the left.

After the configuration is complete, you can access the web server by using https:// in the URL.
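
Added example (not part of the original article and not Domino code): a standard-library Python check that reads the certificate text copied in the "extract server certificate" step and reports its RSA key size, so that keys created with the 512 or 1024 settings above can be flagged before the certificate is merged into the key file. It assumes the pasted text is a PEM-encoded X.509 certificate; the 2048-bit floor and the names `rsa_modulus_bits`, `is_weak` and `constructed_cert` (a certificate-shaped sample with a dummy modulus) are assumptions made here.

```python
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption OID element

def tlv(tag, value):
    """Encode one DER element (only used to build the constructed sample)."""
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def kids(buf, el):
    """DER elements nested in el, each as (tag, value_start, value_end)."""
    out, (pos, end) = [], el[1:]
    while pos < end:
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            count = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
        if pos + length > end:
            raise ValueError("truncated DER element")
        out.append((tag, pos, pos + length))
        pos += length
    return out

def rsa_modulus_bits(pem):
    """Bit length of the RSA modulus in a PEM-encoded X.509 certificate."""
    der = base64.b64decode("".join(l.strip() for l in pem.splitlines() if "-----" not in l))
    tbs = kids(der, kids(der, (0, 0, len(der)))[0])[0]
    fields = kids(der, tbs)
    # order: [0] version (optional), serial, sig alg, issuer, validity, subject, SPKI
    spki = fields[6] if fields[0][0] == 0xA0 else fields[5]
    alg, key = kids(der, spki)[:2]
    if not der[alg[1]:alg[2]].startswith(RSA_OID):
        raise ValueError("not an RSA key")
    # BIT STRING value: one unused-bits byte, then the RSAPublicKey SEQUENCE
    modulus = kids(der, kids(der, (0, key[1] + 1, key[2]))[0])[0]
    return int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()

def is_weak(pem, min_bits=2048):  # 2048 is an assumed policy floor, not from the page
    return rsa_modulus_bits(pem) < min_bits

def constructed_cert(bits):
    """Certificate-shaped DER with a dummy modulus (constructed sample, not a real key)."""
    n = tlv(0x02, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    key = tlv(0x03, b"\x00" + tlv(0x30, n + tlv(0x02, b"\x01\x00\x01")))
    spki = tlv(0x30, tlv(0x30, RSA_OID + tlv(0x05, b"")) + key)
    tbs = tlv(0x30, tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01") + tlv(0x30, b"") * 4 + spki)
    body = base64.encodebytes(tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
```

To audit a real certificate, pass the text copied to the clipboard to `is_weak`; `constructed_cert` exists only so the check can be exercised offline.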
