CSR Generation Steps Lotus Domino 8.5 Dec 25, 2016
To generate a Certificate Signing Request (CSR) file on Domino 8.5 server, please follow the steps below:
Step 1. Create a server key ring
1. In the Domino Administration client, double-click on Server Certificate Administration.
- Choose Create Key Ring
- When promoted, enter a key ring file name: The default is KEYFILE.KYR. It's helpful to use the extension .KYR to keep key ring file names consistent
- Enter a password for your key ring
- Specify the key size Domino uses when creating the public and private key pairs. Symantec supports a key size of 2048 bits.
Your Distinguished Name information should be entered as follows:
- Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit (OU): This field is the name of the department or organization unit making the request.
- Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
NOTE: Symantec certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".
- When you click to continue, you should get a message that your key ring file has been created.
- After you read the information about the key ring file and distinguished name, click OK
Step 2. Create Certificate Signing Request
- In the Domino Administration client, double-click on Server Certificate Administration.
- At the next screen you will be able to choose to "Create Certificate Request" from your new key ring.
- Under Key Ring File Name specify the name of the server key ring file including the path to the file.
- Under Log Certificate Request choose one: Yes (default) to log information in the Server Certificate Admin application or
No to not log information
- Under method, choose to "Paste into form on CA's site."
- Enter the password for the server key ring file.
- Copy the CSR (including the BEGIN and END tags) as seen below:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
The CSR has been Created.