1. Register the Internet Certifier on the server:
From the Domino Administrator, click Configuration.
On the Tools pane, select Registration - Internet Certifier.
In the Register Internet Certifier dialog box, select "I want to register a new Internet certifier that uses the CA process."
In the Register a New Internet Certifier dialog box, click Basics.
Create the certifier name; specifying a common name is enough. Also check the Server II option. [Added by Li Sui]
Run load ca on the server console.
2. Create the Cert Request DB using certreq.ntf, selecting the server and the CA.
3. In Certreq.nsf DB -> Domino Key Ring Management -> Create Key ring -> fill in the key ring file name, password, common name (FQDN of the server), and country.
Then go to the Pending/Submitted Requests pane: Submit Select Requests
4. Open Admin4.nsf -> Certification Authority Requests -> Certificate Requests
Open the request you just submitted, click Edit and then click Approved.
Run tell adminp p a on the server console.
load ca [added by Sui Li]
Wait till the keyring is signed and issued by the CA.
5. Return to Certreq.nsf -> Pending/Submitted Requests : Pull Select Requests
Create a cross certificate between the Notes ID and the Internet certificate: specify the server hosting the CA and the Notes Cert.id in the popup dialog.
Note that you may need to recreate it if there are problems when sending encrypted mail.
6. Open the Administrator's mail file: copy the pickup ID.
Then return to Certreq.nsf DB -> Domino Key Ring Management -> Pickup Key ring certificate ->
fill in the key file name, password, and pickup ID, then click Pickup Certificate.
7. Copy the pair of key files to the server data directory: keyfile.kyr and keyfile.sth.
8. Enable port 443 in the server document -> Ports tab -> Internet ports.
9. Restart server.
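A check to run after the restart, added here as an example and not part of the original procedure: it confirms that the certificate served on port 443 carries the FQDN entered in step 3 and was issued by the certifier registered in step 1. The function names, the sample host and CA names, and the ca_pem file (a PEM copy of the Internet certifier's certificate, obtained separately) are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, ca_pem, port=443, timeout=10):
    """Fetch the server certificate, verifying its chain against ca_pem only."""
    ctx = ssl.create_default_context(cafile=ca_pem)
    ctx.check_hostname = False  # names are compared in check_cert() instead
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def _field(name, key):
    """Return one attribute (e.g. commonName) from a subject/issuer tuple."""
    return next((v for rdn in name for k, v in rdn if k == key), None)

def check_cert(cert, fqdn, certifier_cn, now=None):
    """Compare a getpeercert() dict with the names entered in steps 1 and 3."""
    now = now or datetime.now(timezone.utc)
    fqdn = fqdn.lower()
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    cn = (_field(cert.get("subject", ()), "commonName") or "").lower()
    issuer = _field(cert.get("issuer", ()), "commonName")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    problems = []
    # Exact match only; SAN is preferred, CN is the fallback.
    matched = "SAN" if fqdn in sans else "CN" if cn == fqdn else None
    if matched is None:
        problems.append(f"name mismatch: CN={cn!r} SAN={sans!r}")
    if issuer != certifier_cn:
        problems.append(f"unexpected issuer: {issuer!r}")
    if expires <= now:
        problems.append(f"expired {expires:%Y-%m-%d}")
    return {"matched_via": matched, "issuer": issuer, "problems": problems}

# Constructed sample in getpeercert() format; all names are placeholders.
SAMPLE = {
    "subject": ((("countryName", "US"),), (("commonName", "mail.example.com"),)),
    "issuer": ((("commonName", "Example Internet CA"),),),
    "notAfter": "Dec 31 23:59:59 2030 GMT",
}

if __name__ == "__main__":
    print(check_cert(SAMPLE, "mail.example.com", "Example Internet CA"))
```

Against a live server, pass the result of fetch_cert("<server FQDN>", "<certifier PEM file>") to check_cert(); a matched_via value of "CN" means the certificate has no matching subjectAltName entry.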
Enable the secondary server:
Repeat steps 3 to 9, but enter the secondary server's name in step 3 on the primary server, and copy the pair of key files to the secondary server's data directory in step 7.
About Internet-certificate-only users:
load ca
Add the Internet certificate to the selected users in the Domino Administration client.
The DWA user opens his/her mail file from a browser.
Open the Preferences dialog and go to the Security tab to view the certificate information and make sure the X.509 certificate is populated to the mail file.
Delete the Notes public key in the person document.