{"id":7508,"date":"2013-09-10T08:45:00","date_gmt":"2013-09-10T06:45:00","guid":{"rendered":"http:\/\/nolabnoparty.com\/?p=7508"},"modified":"2013-09-10T08:57:16","modified_gmt":"2013-09-10T06:57:16","slug":"renew-ssl-certificate-lotus-domino-8-5","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/renew-ssl-certificate-lotus-domino-8-5\/","title":{"rendered":"Renew the SSL certificate in Lotus Domino 8.5"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 10px auto 5px; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl01\" alt=\"renewssl01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl01.jpg\" width=\"602\" height=\"202\" border=\"0\" \/><\/p>\n<p>When the certificate in Lotus Domino is close to expiration, you can <strong>use the existing key ring<\/strong> to renew the SSL certificate.<\/p>\n<p>The procedure consists in sending the <strong>certification request to the CA<\/strong> that will return the stamped SSL certificate.<\/p>\n<p><!--more--><\/p>\n<h2>Select key ring<\/h2>\n<p>When you try accessing the <strong>Server Certification Administration<\/strong> page you may receive the following error message:<\/p>\n<blockquote><p>Invalid or nonexistent document<\/p><\/blockquote>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl02\" alt=\"renewssl02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl02.jpg\" width=\"600\" height=\"296\" border=\"0\" \/><\/p>\n<p>To avoid the \u201cInvalid or nonexistent document\u201d error message, open the <strong>Server Certificate Administration<\/strong> through the menu <strong>File &gt; Application &gt; Open<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl03\" alt=\"renewssl03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl03.jpg\" width=\"452\" height=\"385\" border=\"0\" \/><\/p>\n<p>Set the <strong>Look in<\/strong> field as <strong>DominoMail\/<span style=\"color: #ff0000;\"><em>yourdomain<\/em><\/span>\/IT<\/strong>, select the <span style=\"color: #ff0000;\"><strong>Server Certificate Admin<\/strong><\/span> item then click <strong>Open<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl04\" alt=\"renewssl04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl04.jpg\" width=\"491\" height=\"276\" border=\"0\" \/><\/p>\n<p>The application should open now. <strong>Click View &amp; Edit Key Rings<\/strong> option to access <strong>your own SSL certificate<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl05\" alt=\"renewssl05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl05.jpg\" width=\"600\" height=\"350\" border=\"0\" \/><\/p>\n<p>If not already set, click on <strong>Select Key Ring to Display<\/strong> in order to work with current active SSL certificate. Type the <strong>path and filename<\/strong> then click <strong>OK<\/strong>. As a best practice avoid working on the original file but consider to make a copy instead.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl06\" alt=\"renewssl06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl06.jpg\" width=\"600\" height=\"240\" border=\"0\" \/><\/p>\n<p>Enter the <strong>password<\/strong> to access the file then click <strong>OK<\/strong>. The password is stored in the file <strong>.sth<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl07\" alt=\"renewssl07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl07.jpg\" width=\"432\" height=\"161\" border=\"0\" \/><\/p>\n<p>The <strong>correct file<\/strong> is now set.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl08\" alt=\"renewssl08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl08.jpg\" width=\"600\" height=\"453\" border=\"0\" \/><\/p>\n<p>Click on <strong>Create Key Rings &amp; Certificates<\/strong> option to access the page we need to create the new certificate.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl09\" alt=\"renewssl09\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl09.jpg\" width=\"600\" height=\"227\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Create certificate request<\/h2>\n<p>First step is the creation of the certificate request to send to the Certification Authority. Click the <strong>Create Certificate Request<\/strong> option.<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl10\" alt=\"renewssl10\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl10.jpg\" width=\"474\" height=\"267\" border=\"0\" \/><\/p>\n<p>Fill the requested fields then click on <strong>Create Certificate Request<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl11\" alt=\"renewssl11\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl11.jpg\" width=\"590\" height=\"612\" border=\"0\" \/><\/p>\n<p>Enter the <strong>password<\/strong> to access the file then click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl12\" alt=\"renewssl12\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl12.jpg\" width=\"432\" height=\"161\" border=\"0\" \/><\/p>\n<p>Copy the certificate <strong>including the BEGINS and END lines<\/strong> to send to the CA.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl13\" alt=\"renewssl13\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl13.jpg\" width=\"600\" height=\"490\" border=\"0\" \/><\/p>\n<p>Paste the copied <strong>certificate to the module request<\/strong> then wait the CA to return the signed certificate.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl14\" alt=\"renewssl14\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl14.jpg\" width=\"551\" height=\"397\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Install trusted Root certificate<\/h2>\n<p>Once the CA returns the signed certificate, we need first to <strong>install the Authority Trusted Root certificate<\/strong>. From main page click <strong>Install Trusted Root Certificate into Key Ring<\/strong> option.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl15\" alt=\"renewssl15\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl15.jpg\" width=\"474\" height=\"264\" border=\"0\" \/><\/p>\n<p>Fill requested fields and paste the CA Root certificate then click <strong>Merge Trusted Root Certificate into Key Ring<\/strong> button.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl16\" alt=\"renewssl16\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl16.jpg\" width=\"600\" height=\"741\" border=\"0\" \/><\/p>\n<p>Enter the <strong>password<\/strong> to access the file then click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl17\" alt=\"renewssl17\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl17.jpg\" width=\"432\" height=\"161\" border=\"0\" \/><\/p>\n<p>When the summary Window appears click <strong>OK<\/strong> to proceed with merge.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl18\" alt=\"renewssl18\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl18.jpg\" width=\"600\" height=\"378\" border=\"0\" \/><\/p>\n<p>The confirmation window appears. Repeat same step if any <strong>intermediate CA certificates<\/strong> are used by the Authority.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl19\" alt=\"renewssl19\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl19.jpg\" width=\"522\" height=\"173\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Install the certificate<\/h2>\n<p>Once Trusted Root Certificate has been installed, we need to <strong>install the actual SSL certificate<\/strong> into Key Ring. Click <strong>Install Certificate Into Key Ring<\/strong> option.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl20\" alt=\"renewssl20\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl20.jpg\" width=\"484\" height=\"261\" border=\"0\" \/><\/p>\n<p>Fill requested fields and paste the certificate received from CA then click <strong>Merge Certificate into Key Ring<\/strong> button.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl21\" alt=\"renewssl21\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl21.jpg\" width=\"600\" height=\"595\" border=\"0\" \/><\/p>\n<p>Enter the <strong>password<\/strong> to access the file then click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl22\" alt=\"renewssl22\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl22.jpg\" width=\"432\" height=\"161\" border=\"0\" \/><\/p>\n<p>The confirmation Window appears showing the certificate info. Click <strong>OK<\/strong> to proceed with merge.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl23\" alt=\"renewssl23\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl23.jpg\" width=\"600\" height=\"341\" border=\"0\" \/><\/p>\n<p>Click <strong>OK<\/strong> to proceed.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl24\" alt=\"renewssl24\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl24.jpg\" width=\"589\" height=\"153\" border=\"0\" \/><\/p>\n<p>The <strong>certificate is now installed<\/strong> into Key Ring.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl25\" alt=\"renewssl25\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl25.jpg\" width=\"522\" height=\"163\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Configure Domino SSL settings<\/h2>\n<p>From <strong>Domain Administrator<\/strong>, click <strong>Configuration &gt; Server &gt; All Server Documents &gt; Ports &gt; Internet Ports<\/strong>. Check that SSL key file name contains the <strong>correct path and filename<\/strong> then click <strong>Save &amp; Close<\/strong> button.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl26\" alt=\"renewssl26\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl26.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p><strong>Copy the updated Key Ring files<\/strong> (both <strong>*.kyr<\/strong> and <strong>*.sth<\/strong>) in <strong>Domino Data<\/strong> under<em>\\Lotus\\Domino\\data<\/em> directory.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl27\" alt=\"renewssl27\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl27.jpg\" width=\"600\" height=\"233\" border=\"0\" \/><\/p>\n<p>To activate new configuration, <strong>restart the http server<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl28\" alt=\"renewssl28\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl28.jpg\" width=\"600\" height=\"177\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h4>Check the SSL certificate<\/h4>\n<p>When you click from your browser the certificate details while accessing the webmail through https, you can check the <strong>new validation period of the SSL<\/strong> certificate.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"renewssl29\" alt=\"renewssl29\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/09\/renewssl29.jpg\" width=\"449\" height=\"550\" border=\"0\" \/><\/p>\n<p>The <strong>procedure is now complete<\/strong> and the system is now up-to-date with the new SSL certificate.<\/p>\n<p><img decoding=\"async\" alt=\"firma\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" title=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When the certificate in Lotus Domino is close to expiration, you can use the existing key ring to renew the SSL certificate. The procedure consists in sending the certification request to the CA that will return the stamped SSL certificate.<\/p>\n","protected":false},"author":3,"featured_media":7479,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[539,534],"tags":[682,600,601,680],"class_list":["post-7508","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lotus-domino-en","category-messaging-en","tag-certificate-en","tag-domino-en","tag-lotus-en","tag-ssl-en","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/7508","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=7508"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/7508\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/7479"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=7508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=7508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=7508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}