How to setup a cheap godaddy cert with domino

I have had a few people ask me questions on how I did this. I thought that I would share this with everyone. Hope it helps.

Below are the directions on how to set this up.

1.) From your CLIENT (not web), open up the certsrv.nsf file

2.) Select “Create Key Rings & Certificates” on the left nav bar

3.) Click “Create Key Ring” (in the file area, I renamed the default to c:\dom1.kyr because that is my servername). This also generate a dom1.sth file. You will later on need to upload both files to the data directory on the domino server.

4.) Provide a good password

5.) Set the key size to 1024 if this is a “US” / “Canada”

6.) set the common name. For an example, if you want to create a cert for https://myserver2.mydomain.com, you would ONLY type myserver2.mydomain.com.

7.) Then click "Create Key Ring

Create a CSR (to give to godaddy)

1.) Open up certsrv.nsf from your domino client

2.) Select OPTION 2 (Create Certificate Request)

3.) Make sure that the key ring you just created has the correct path.

4.) Set Log Certificate Request to yes

5.) Set the Method to Paste into from on CA’s site

6.) Click “Create Certificate Request”

7.) Provide your key ring password

8.) Copy the CSR text from the popup

9.) Paste this CSR from clipboard into notepad and save it on your computer for safe keeping. Before you can purchase a cert (CRT), you will have to have this csr

Purchase the Certificate. I purchased the cheap Turbo SSL Cert. Again, you will have to provide the CSR that you created from the above steps in order to get a CRT.

You will have to install the Trusted Root and Intermediate Certs first. I am going to provide this for you.

1.) Open up certsrv.nsf

2.) Select OPTION 3 (“Install Trusted Root Certificate into Key Ring”)

3.) Create a lable name (Something like godaddy root cert)

3.)I would use the “Clipboard” option as the cert source. Copy the root certificate below. Starting from -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----

Root certificate

-----BEGIN CERTIFICATE-----

MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0

IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz

BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y

aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG

9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy

NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y

azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs

YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw

Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl

cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY

dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9

WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS

v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v

UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu

IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC

W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd

-----END CERTIFICATE-----

Then do the exact same again, except copy and paste the intermediate certificate below:

1.) Open up certsrv.nsf

2.) Select OPTION 3 (“Install Trusted Root Certificate into Key Ring”)

3.) Create a lable name (Something like godaddy intermediate cert)

3.) I would use the “Clipboard” option as the cert source. Copy the root certificate below. Starting from -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----

Intermediate Certificate

-----BEGIN CERTIFICATE-----

MIIEQTCCA6qgAwIBAgICAQQwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh

bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu

Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g

QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe

BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDExNDIxMDUyMVoX

DTI0MDEwOTIxMDUyMVowgewxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25h

MRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5v

bG9naWVzLCBJbmMuMTAwLgYDVQQLEydodHRwOi8vd3d3LnN0YXJmaWVsZHRlY2gu

Y29tL3JlcG9zaXRvcnkxMTAvBgNVBAMTKFN0YXJmaWVsZCBTZWN1cmUgQ2VydGlm

aWNhdGlvbiBBdXRob3JpdHkxKjAoBgkqhkiG9w0BCQEWG3ByYWN0aWNlc0BzdGFy

ZmllbGR0ZWNoLmNvbTCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEA2xFDa9zR

aXhZSehudBQIdBFsfrcqqCLYQjx6z59QskaupmcaIyK+D7M0+6yskKpbKMJw9raK

gCrgm5xS4JGocqAW4cROfREJs5651POyUMRtSAi9vCqXDG2jimo8ms9KNNwe3upa

JsChooKpSvuGIhKQOrKC1JKRn6lFn8Ok2/sCAQOjggEhMIIBHTAMBgNVHRMEBTAD

AQH/MAsGA1UdDwQEAwIBBjBKBgNVHR8EQzBBMD+gPaA7hjlodHRwOi8vY2VydGlm

aWNhdGVzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvcm9vdC5jcmwwTwYD

VR0gBEgwRjBEBgtghkgBhvhFAQcXAzA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3

LnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkwOQYIKwYBBQUHAQEELTArMCkG

CCsGAQUFBzABhh1odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNoLmNvbTAdBgNVHQ4E

FgQUrFXet+oT6/yYaOJTYB7xJT6M7ucwCQYDVR0jBAIwADANBgkqhkiG9w0BAQUF

AAOBgQB+HJi+rQONJYXufJCIIiv+J/RCsux/tfxyaAWkfZHvKNF9IDk7eQg3aBhS

1Y8D0olPHhHR6aV0S/xfZ2WEcYR4WbfWydfXkzXmE6uUPI6TQImMwNfy5wdS0XCP

mIzroG3RNlOQoI8WMB7ew79/RqWVKvnI3jvbd/TyMrEzYaIwNQ==

-----END CERTIFICATE-----

Install the SSL Certificate

When you get the certificate from godaddy, do the below:

1.) Open the Domino Server Certificate Admin database

2.) Select option 4, (“Install Certificate into Key Ring”)

3.) Select filename as the Certificate Source

4.) Save the SSL Cert to the c:\ drive or somewhere where you can remember

5.) Type in the path and file name of the SSL Cert that you just saved.

6.) Click the Merge Certificate into Key Ring button.

Save both the keyfile.sth and keyfile.kyr to the server. I uploaded mine via binary mode.

Configure Domino server config document.

Subject: How to setup a cheap godaddy cert with domino

The certificates listed here are now old and don’t seem to work. The process is correct, but instead of using these certs and pasting, just go to the GoDaddy repository (https://certificates.godaddy.com/Repository.go#root_der) and download the new files.

Right click the root and intermediate links and choose SAVE. If you just click the link you will probably get a message that they are already installed - but this mean they are installed in your BROWSER not on the keyring.