首页>技术支持>SSL证书请求文件(CSR)生成指南 - Lotus Notes Domino

SSL证书请求文件(CSR)生成指南 - Lotus Notes Domino

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

To generate a CSR for Lotus Domino 4.x follow the instructions follow the instructions below:

Step 1: Open Domino SSL Administration

These instructions assume that you have Domino up and running.

From your Notes station, File->Database->Open (Ctrl-O).

Select "Domino SSL Administration".

You'll see a window that is entitled "About Domino SSL Administration - Design".

At the bottom is says "Click to here to setup and manage SSL on your site".

Click on the text or keys.

Step 2: SSL Administration

The Domino SSL Administration Page has 5 top-level menu sections. They'll spread out across the page, so look carefully at the structure of the document before rushing in.

Create Key Ring - Self-Certification

Create Key Ring - Commercial Certification

Create Key Ring - Internal Certification

Certificate Authority - Create Certificate Authority Key Ring

Certificate Authority - Certify Certificate Request

You want number 2, "Create Key Ring - Commercial Certification". This has 3 steps. We will walk you through them carefully.

1. Create Key Ring and Certificate Request

Click on the button for "Create key ring and certificate request".

You'll see a dialog box pop up.

Fill in the Distinguished Name fields carefully.

The CommonName field must be the host part of your https URL's.

It can be an alias, like www.wotrust.com . But it must be the full domain name of the server, not just the host name.

For a "Key Name" say "secure server key".

Whatever key ring password you choose, make sure it is secure and you will remember it.

The CSR is CertReq.txt, and the key is keyfile.kyr, and they are created in the Notes\Data directory.

Back up your key file (keyring.kyr) and certificate request (CertReq.txt).

Your certificate will be useless without keyfile.kyr.

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.