CSR Generation Steps Lotus Domino 8.5

Dec 25, 2016

To generate a Certificate Signing Request (CSR) file on Domino 8.5 server, please follow the steps below:

Step 1. Create a server key ring

1.      In the Domino Administration client, double-click on Server Certificate Administration.

  1. Choose Create Key Ring
  2. When promoted, enter a key ring file name: The default is KEYFILE.KYR. It's helpful to use the extension .KYR to keep key ring file names consistent
  3. Enter a password for your key ring
  4. Specify the key size Domino uses when creating the public and private key pairs. Symantec supports a key size of 2048 bits.
  5.  Your Distinguished Name information should be entered as follows:
    • Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
    • State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
    • Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
    • Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
    • Organizational Unit (OU): This field is the name of the department or organization unit making the request.
    • Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
      NOTE: Symantec certificates can only be used on Web servers using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because "www.domain.com" and "secure.domain.com" are different from "domain.com".
  6.  When you click to continue, you should get a message that your key ring file has been created.
  7. After you read the information about the key ring file and distinguished name, click OK


Step 2. Create Certificate Signing Request

  1. In the Domino Administration client, double-click on Server Certificate Administration.
  2. At the next screen you will be able to choose to "Create Certificate Request" from your new key ring.
  3. Under Key Ring File Name specify the name of the server key ring file including the path to the file. 
  4. Under Log Certificate Request choose one: Yes (default) to log information in the Server Certificate Admin application or
     to not log information
  5. Under method, choose to "Paste into form on CA's site."
  6. Enter the password for the server key ring file.
  7. Copy the CSR (including the BEGIN and END tags) as seen below:


              [encoded data]


The CSR has been Created.

Have any Questions


If you have any questions, feel free to call us