Skip to main content link. Accesskey S
  • HCL Logo
  • HCL Notes and Domino wiki
  • THIS WIKI IS READ-ONLY. Individual names altered for privacy purposes.
  • HCL Forums and Blogs
  • Home
  • Product Documentation
  • Community Articles
  • Learning Center
  • API Documentation
Search
Community Articles > Lotus Domino > Add Site Certificates to the Lotus Domino JVM cacerts Keystore
  • Share Show Menu▼
  • Subscribe Show Menu▼

Recent articles by this author

Securing Lotus Domino for the Web: Email Relay

Without taking special precautions, Lotus Domino will act as an open mail relay on the Internet. An open mail relay means that anyone, anywhere that can connect to your Domino server, can use it to send email, without needing to be authenticated to your server. Not exactly what we're looking ...

Add Site Certificates to the Lotus Domino JVM cacerts Keystore

How to add site certificates to the Lotus Domino JVM cacerts keystore. Fig. 1 - Navigate to the Domino JVM security directory Step 1 - Navigate to the Domino JVM security directory.   For me, that's c:/lotus/domino/jvm/lib/security.  For simplicity sake, I put the .cer certificate file in the ...
Community articleAdd Site Certificates to the Lotus Domino JVM cacerts Keystore
Added by ~Kirk Zenveluburings on March 3, 2010 | Version 1
  • Actions Show Menu▼
expanded Abstract
collapsed Abstract
No abstract provided.

How to add site certificates to the Lotus Domino JVM cacerts keystore.



Fig. 1 - Navigate to the Domino JVM security directory


Step 1 - Navigate to the Domino JVM security directory.   For me, that's c:/lotus/domino/jvm/lib/security.  For simplicity sake, I put the .cer certificate file in the security folder.  It let's me quickly know which certificates I have installed in the cacerts on that server.


Fig. 2 - Install the certificate in the cacerts keystore


Step 2 - Enter the command to install the certificate in the keystore.   The tool to use is called keytool, and it's located in the jvm/bin directory.


The command line to install the certificate looks like this:

keytool -import -trustcacerts -alias certificate -file your_certificate.cer -keystore cacerts

The important part for you to change in the line above goes like this, the word after -alias signifies the name the certificate is referenced as in the keystore.  The word after -file is the name/location of the certificate you are installing.  The word after -keystore is the name/location of the keystore file.


Once you enter all of this, and press enter, you will be prompted for the password for the cacerts keystore.  The default password for the keystore is 'changeit'.  Clever, eh?   Enter the password (changeit) and press enter again.


Fig. 3 - Prompting to accept the certificate

Step 3 - You will be prompted to accept the certificate.  Type 'y' or 'yes', if you trust it.


Step 4 - Restart your Lotus Domino server or service.  Try to do it when there are no users on the server.  Causes less complaining.



  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (1)
collapsed Versions (1)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (1)Mar 3, 2010, 5:55:03 PM~Kirk Zenveluburings  
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedAbout
  • HCL Software
  • HCL Digital Solutions community
  • HCL Software support
  • BlogsDigital Solutions blog
  • Community LinkHCL Software forums and blogs
  • About HCL Software
  • Privacy
  • Accessibility