Current Currency
  Home |  Why SSLStar? |  Renew SSL |  Buy SSL |  Products |  Support |  Recommendations |  About Us |  Contact Us  
Skip Navigation Links
SSLStar FAQ
SSL Benefits
SSL's and Mobile Devices
What is a Wildcard SSL
SSL Issuers
How to Generate your CSR
How to Install your SSL Certificate

SSLStar is a GeoTrust Platinum Partner
SSLStar is a Versign Platinum Partner
SSLStar is a Thawte Platinum Partner
Installation Instructions - IBMHTTP

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to SSLStar.com in order to be generated into a SSL Security Certificate.

Installing the Root Certificates

  1. Start the MKKF utility by typing mkkf
  2. Select O to Open an existing key ring file. Type the name of the file (usually keyfile.kyr). You will be prompted for the password.

    *Note: If you start the "mkkf" utility from the directory that contains your certificates you will not need to include the path.
  3. Select R to receive a certificate into the Key Ring File.

    You will be prompted for the file name. Enter thawteroot.txt
  4. Enter Thawte Server CA for the label.
  5. Press <Enter> to continue.
  6. Select W to work with Keys and Certificates.
  7. Select L to List/Select the key to work with.
  8. Find the "Thawte Server CA" and select "S" to Select this menu.
  9. Select T to mark this as a Trusted root.
  10. Select Y - Yes - to confirm this request.
  11. Press <Enter> to return to the pervious menu.
  12. Select X to exit the menu.
  13. Repeat steps 4 through 14 using the GeoTrust True BusinessID certificate.

    In Step 5, substitute " True BusinessID.txt."
    In Step 6, substitute "GeoTrust eBusiness CA."
    In Step 10, substitute " GeoTrust eBusiness CA."
Installing your Web Server Certificate

  1. From the main menu of the mkkf utility, select R to Receive a certificate into a Key Ring File
  2. Enter the server certificate file name (eg. "server.txt").
  3. Select W to Work with keys and certificates.

  4. Select L to List/Select the key to work with. Select N until you find the servername.key file.
  5. Select S to Select this certificate.
  6. Select F to mark this key as the selected deFault key.
  7. Select X to exit this menu.
  8. Select C to Create a "stash file" for the key ring.

    Note: This is an important step, which is often overlooked!
  9. Select X to exit the menu.
  10. Select Y - Yes - to save all changes to the key file and confirm the update.
Enabling SSL on your Domino Go Web Server

  1. Access the web server via your browser. Select "Configuration and Administration Forms."
  2. Scroll down to security. Select Security Configuration.
  3. Ensure that "Allow SSL connections using port 443" is selected.
  4. Ensure that the correct Key Ring file is listed.
  5. Apply the changes.
Restarting your Web Server

  1. You will need to stop and start your web server with the following commands: stopsrc -s httpd startsrc -s httpd

Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP.

The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.

Troubleshooting

If you receive a "Cannot find certificate issuer among trusted roots" error message when importing the root certificate, please try converting it to a binary format certificate from a base 64 format certificate.

» Return to Install Instruction List

  1. Open the IBM Key Management utility
  2. Cut-and-paste the Trusted Root certificate - presented here - into a text file (.txt) on your server.
  3. In the Key Management panel, go to the pull-down menu and select Signer Certificates.
  4. Since the Trusted Root is a text file, select Base64-ASCII encoded data type and change the "*.arm" type to "*.txt" file type. Hit the Browse button and select the Trusted Root certificate .txt file - type the label as FreeSSL CA. This certificate should immediately show up in the list of Signer Certificates.
  5. In the Key Management panel, go to the pull-down menu and select Personal Certificates. Since your new web server certificate is now a text file, select Base64-ASCII encoded data type and change the "*.arm" type to "*.txt" file type. Hit the Receive button and select your web server certificate file. This certificate should immediately show up in the list of Personal Certificates. You can View/Edit to verify your certificate
  6. Add the desired/required modules to complete your server configuration, including setting up SSL Port 443
  7. Check your httpd.conf configuration to verify the path to the appropriate key file ("key.db")
  8. Stop, and then Start your IBM HTTP Server.

Test your certificate by connecting to your server.

Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP.

Note: The padlock icon on your Web browser will be displayed in the locked position if you have set up your site properly.

» Return to Install Instruction List

» Go To Create CSR

Home |  Terms And Conditions |  Privacy Policy |  Site Map |  Contact Us  
A StarPAY Group Product - Copyright © 1998 - 2012[M3]