You are a Domino Administrator. Life is good, your Domino server runs well and all your users are happy. But suddenly your SSL certificate on your website approaches the last day of validation. Help!
First of all, you should decide whether you would like to create a new certificate through the Server Certificate Admin database on your Domino Server or if you would like to create it through IIS. The first option will create you a .kyr file which you can put on your Domino Server. The second option requires you to convert the .pfx file to a .kyr file by using the iKeyman software. This last option will allow you to secure other non-Domino websites or appliances with the .pfx certificate.
In this blog, I will talk about the first option. I will handle the second option in a separate blog post.
You should start by deciding which SSL certificate you want. There are different certificates in function of the domain(s) you would like to cover and the period for which you want to sign up.
The most common SSL certificate types are: Domain SSL, Organization SSL, Wildcard SSL and Multi-Domain SSL:
- Domain SSL certificate: covers one single domain. E.g. webmail.easi.net
- Organization SSL: covers one website. E.g.: www.easi.net or easi.net
- Wildcard SSL: covers all subdomains of one website: *.easi.net
- Multi-Domain SSL: covers several websites: www.easi.net and www.coworkingplace.net
Once you’ve decided which type of certificate you want, go to your Lotus Domino Administrator and connect to your Domino Server to complete the creation of your certificate. Once your kyr file is ready and has been put in place on your Domino Server, you can try and test your SSL-enabled website.
In case there are problems with the application of the certificate, connect to the console of your Lotus Domino Server and restart HTTP task. When the task is restarting, it will check for problems with the HTTP settings, including the SSL certificate. This will allow you to narrow down to the source of your issue.
Are you still stuck somewhere after this blogpost? Don’t hesitate to contact us !"