IBM Support

Lotus Education On Demand: Lotus Domino Certification Authority Tutorial



This free tutorial will introduce you to the Lotus Domino Certification Authority (CA) process, which is used to manage and process certificate requests.


The Certification Authority (CA) process is a Lotus Domino server task that is used to manage and process certificate requests. The CA process runs as an automated process on Lotus Domino servers that are used to issue certificates. When you set up a Lotus Notes or Internet certifier, you link it to the CA process on the server in order to take advantage of CA process activities.

Benefits of using the CA process

  • Does not require access to the Domino certifier ID and password
  • Supports the Registration Authority (RA) role
  • Provides a unified mechanism for issuing Lotus Notes and Internet certificates
  • Simplifies the Internet certificate requests process
  • Issues certificate revocation lists
  • Creates and maintains the Issued Certificate List (ICL)
  • Is compliant with security industry standards for Internet certificates, such as X.509 and PKIX

Topics include

  • Overview - The Domino Server-based Certification Authority
  • Option One - Migrating a Domino certifier to the CA process
  • Loading the CA process after Migration
  • How to use the CA process to Register Users
  • Common Errors that Occur using the CA process
  • Option Two - Creating an Internet Certifier with the CA process
  • Setting up the Certification Requests database
  • Setting up the Key Ring and Merging the Internet Certificate
  • Manually Processing Requests
  • Configuring the HTTP Server for SSL
  • Installing the Client Certificate for SSL
  • Testing the Client Certificate
  • Option Three - Migrating an R5 Internet Certifier to the CA process
  • Option Four - Using the CA process with S/MIME
  • Administration of the CA process
  • Overview - Administration Roles
  • CA Commands
  • Adding Administrators to a Certificate
  • Disabling a Certifier
  • Enabling a Certifier
  • Revoking a Certificate
  • Removing a Certifier from the CA process
  • Administration Tips
  • Encrypting the Certifier ID
  • Removing Passwords for Certifier Activation
  • Renaming the ICL database
  • Confirming a CRL has run using the CA process
  • Confirming Certificate Revocation
  • Creating a Local Copy of the Certifier ID
  • Recovering a Certifier


This course is designed for Lotus Notes and Lotus Domino Administrators with access to a Notes 6.x client and Domino 6.x server.

CA Process.pdf

Original publication date


Document information

More support for: IBM Domino

Software version: 7.0, 8.0, 8.5

Operating system(s): Windows

Software edition: All Editions

Reference #: 7006424

Modified date: 28 July 2005