Add a root certificate to IBM Domino JVM keystore

Sometimes it is necessary to add a root certificate to the Domino JVM (Java Virtual Machine) keystore file. This can easily be done with the already installed tool “IBM Key Management”:

  • Open a command prompt windows with administrator priviledges on the Domino server
  • cd \(Domino-Program-Directory)\jvm\bin
  • ikeyman
  • Click “Key Database File” and then “Open”. Select the file “cacerts” in the directory \(Domino-Program-Directory)\jvm\lib\security. You need to have “All files” selected to see it. The password to open the file is “changeit”.
  • Change to “Signer Certificates”
  • Click “Add” and browse to the root certificate you need to import. Click “OK” and enter any descriptive text for this certificate.
  • Restart the Domino server.