34.5 Enabling SSL by Generating a Keyring and a Stash File

This is optional. Enabling SSL is not mandatory for the WebGate. By generating a Keyring and a stash file, you can enable SSL.

If you need to generate a keyring file (.kyr) and its corresponding stash file (.sth) from the Lotus Notes client on a Windows system to the UNIX system, use the following steps.

To enable SSL by generating a Keyring and a stash file:

  1. Start the Lotus Notes Client on your Windows system.

    For example:

    File, select Databases, then click Open

  2. Select Server Certificate Admin.

  3. Create the key ring file.

  4. Create the certificate request.

  5. Install the trusted root certificate into the key ring file.

  6. Install the certificate into the key ring file.

  7. Copy or ftp the newly created keyring file and stash file from the Windows system to your UNIX computer.

  8. Store both files in your Domino data directory.

To enable SSL

  1. Start a browser and enter the following URL.

    For example:

    http://hostname:port/names.nsf

    You will be prompted for login name and password

  2. Select Server-Server.
  3. Select your intended server.
  4. Select Edit Server.
  5. Select Ports, select Internet Ports, then click Web.
  6. In the SSL Key file name field, enter the absolute path to the keyring file.
  7. Change the SSL Port number value to your desired port number.
  8. Enable SSL port status.
  9. Select Client Certificate "Yes" for Client Certificate authentication.
  10. Click Save and Close to save all your changes.
  11. Restart the Web server.

    For example:

    /opt/lotus/bin/server