Skip to content

Domino 8.5 SSL Key Import Into Keyring File

Bill

2011-04-09

Domino Server SSL Key Import

By default, the SSL key order process in the Domino Administrator assumes that only single domain certificates are used. Hence, when you have a multi domain UCC or a wildcard certificate, it has to be loaded into the keyring (a.k.a. kyr file) outside of the Domino Administrator.

The basic overview of the process is this:

  • Create a (keyring) file to hold the keys.
  • Create a (PKCS#12) file with the certificate that needs to be added to the keyring.
  • Add the (PKCS#12) file to the keyring.
  • Install the new keyring on the Domino Servers (mail, traveler, sametime, Quickr)

Domino Server PKCS#12 key generation and import

Create PKCS#12 from SSL KEY and CRT files

For this step I recommend to be on the Linux or AIX with openssl installed. Assuming that you have the certificate key, the CA issued certificate, and the certificate chains all in the same directory, you can run the following command to generate the file:

Add PKCS#12 to Domino Server Kyr Keyring File

For this step I recommend to be on the sametime server under Linux or AIX. In theory, this should work, but in practice, I found that the version 7 of the tools doesn’t seem to be able to open files. So you may need to skip ahead to the legacy Windows XP method, unless you can find the package on one of your older install media.

Add last provider to list:

remove conflicting jar file:

set environment:

Domino Server Required Utilities for SSL Key Import (legacy Windows XP method)

  • Download and install IKEYMAN.
  • Open the kyr file in gsk5.
  • Import the p12 cert.
  • Save the new kyr file.

Domino Server SSL Key Management References

  • http://www.redbooks.ibm.com/redpapers/pdfs/redp0046.pdf
  • http://www.turtleweb.com/turtleblog.nsf/dx/11022009232215GDAVGR.htm?opendocument&comments
  • http://www.deadspace.de/?p=294
  • ftp://ftp.software.ibm.com/software/webserver/appserv/library/v61/ihs/GSK7c_SSL_Ikm_Guide.pdf
  • https://support.quovadisglobal.com/KB/a93/how-do-i-install-my-digital-certificate-into-lotus-notes.aspx
  • http://replay.waybackmachine.org/20081121002554/http://www.justinclarke.com/archives/2005/08/sending_smime_e.html
  • http://www.eulerhermes.com/en/documents/secure-email/ehcica_howto_import_lotus_notes_en.pdf/ehcica_howto_import_lotus_notes_en.pdf
  • http://publib.boulder.ibm.com/infocenter/sametime/v8r0/index.jsp?topic=/com.ibm.help.sametime.802.doc/Entry/st_adm_security_ssl_ikey_lin_t.html

For more information about Domino Server solutions, visit our collaboration section.

NewPush Events

Upcoming webinars

Security Automation for SOAR and Remediation in Higher Education

John McClure, CISO, Laureate

Register

Successful delivery of RPA for IT Compliance

Mark Johnson, Senior Principal, EY

Register

RPA in Higher Education

Jeff Tannebaum, VP IT Compliance, Laureate

Register

logo

We focus on reliability, quality, and value.

© 2020, All rights reserved. | NewPush LLC. | newpush.com