SSLサーバ証明書のセキュア・ステージ

• 
• 

IBM Domino Go 4.6.2.6+

Your certificate will be sent to you by email. The email message includes the web server certificate that you purchased in the body of the email message.

Copy the certificate from the body of the email and paste it into a text editor (such as notepad) to create text files.

Installing the Root Certificates

Create 3 text files. The first file should be the Thawte Certificate.

Name this file "thawte.txt". The second file should be the GeoTrust True BusinessID certificate. Name this file "True BusinessID.txt". The last file should be Your Web Server Certificate. Name this file "server.txt".

Note: Be sure to include the -----BEGIN CERTIFICATE----- line and the ------END CERTIFICATE----- line.

Start the MKKF utility by typing mkkf.

Select "O" to Open an existing key ring file. Type the name of the file (usually keyfile.kyr). You will be prompted for the password.

*Note: If you start the "mkkf" utility from the directory that contains your certificates you will not need to include the path.

Select "R" to receive a certificate into the Key Ring File.

You will be prompted for the file name. Enter thawteroot.txt.

Enter Thawte Server CA for the label.

Press <Enter> to continue.

Select "W" to work with Keys and Certificates.

Select "L" to List/Select the key to work with.

Find the "Thawte Server CA" and select "S" to Select this menu.

Select "T" to mark this as a Trusted root.

Select "Y" - Yes - to confirm this request.

Press <Enter> to return to the pervious menu.

Select "X" to exit the menu.

Repeat steps 4 through 14 using the GeoTrust True BusinessID certificate.

• In Step 5, substitute " True BusinessID.txt."
• In Step 6, substitute "GeoTrust eBusiness CA."
• In Step 10, substitute " GeoTrust eBusiness CA."

Installing your Web Server Certificate

From the main menu of the mkkf utility, select "R" to Receive a certificate into a Key Ring File.

Enter the server certificate file name (eg. "server.txt").

Select "W" to Work with keys and certificates.

Select "L" to List/Select the key to work with. Select "N" until you find the servername.key file.

Select "S" to Select this certificate.

Select "F" to mark this key as the selected deFault key.

Select "X" to exit this menu.

Select "C" to Create a "stash file" for the key ring.

Note: This is an important step, which is often overlooked!

Select "X" to exit the menu.

Select "Y" - Yes - to save all changes to the key file and confirm the update.

Enabling SSL on your Domino Go Web Server

Access the web server via your browser. Select "Configuration and Administration Forms."

Scroll down to security. Select Security Configuration.

Ensure that "Allow SSL connections using port 443" is selected.

Ensure that the correct Key Ring file is listed.

Apply the changes.

Restarting your Web Server

You will need to stop and start your web server with the following commands: stopsrc -s httpd startsrc -s httpd

Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP.

The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.