How to Install Certificates on Lotus Domino 8.5

Your certificates will need to be installed to the key ring in the exact order described below.

AddTrustExternalCARoot.crt
XYZHigh-AssuranceSecureServerCA.crt (if included in your zip file)
your_domain.crt

1. In the Domino Server Certificate Administration, choose the option to "Install Trusted Root Certificate into Key Ring."
2. Enter the file name that you selected when creating your CSR, then go ahead and import your Trusted Root Certificate (AddTrustExternalCARoot.crt). You may see a message that your root certificate is already installed. If this happens, just continue to step 3.
3. Once again, choose the option to "Install Trusted Root Certificate into Key Ring". You should now install your Intermediate Certificate file(s). If you received a XYZRSAAddTrustCA.crt, make sure to import that first, and then repeat this step to import the XYZRSADomainValidation.crt.

   If you did not receive a XYZRSAAddTrustCA.crt file, go ahead and import your XYZRSACA.crt now.

   
4. For the next step select the option to "Install Certificate into Key Ring". Enter name of the key ring, and then import your Primary Certificate (your_domain_name.crt) file.

   Your certificate is now installed and ready to use on your IBM Domino Server.

Note: Some chain files maybe different than others please use this article as a reference on how to install. Also, LOTUS Domino 8 may not support SHA-2 certificates and you may need to contact their support for information regarding SHA-2 certificate requirements.