IBM Kyrtool - Certificate Installation

To import certificates in your Keyring file for use with IBM Domino, you can use the PEM formatted key that was made using OpenSSL, together with the PEM formatted files you received from us. In this tutorial we use the following files:

  • root.crt: The root certificate from the CA
  • intermediate.crt: The intermediate certificate from the CA
  • server.key: Your private key that was generated with OpenSSL
  • server.crt: The domain certificate that you ordered

We placed those in a directory named SSL on the startup disk, after completing the installation it's advisable to move the server.key to a protected location.

Install the Kyrtool - if not available yet- on your system, by downloading it from the 'Installing and Running the Domino keyring tool' instructions.

Creating the Keyring file

  1. Create a new keyring file on your Domino server by running the following command, replace 'password' by your password
    kyrtool =c:\lotus\notes\notes.ini create -k c:\lotus\notes\data\keyring.kyr -p password
  2. Import the root certificate in the new Keyring;
    kyrtool import roots -i C:\SSL\root.crt -k "C:\Program Files (x86)\IBM\Notes\data\keyring.kyr"
  3. Import the intermediate certificate in the new Keyring;
    kyrtool import roots -i C:\SSL\intermediate.crt -k "C:\Program Files (x86)\IBM\Notes\data\keyring.kyr"
  4. Import private key in the new Keyring;
    kyrtool import keys -i C:\SSL\server.key -k "C:\Program Files (x86)\IBM\Notes\data\keyring.kyr"
  5. And at last, import your domain certificate in the new Keyring;
    kyrtool import certs -i C:\SSL\server.crt -k "C:\Program Files (x86)\IBM\Notes\data\keyring.kyr"
  6. Examine the resulting keyring file
    kyrtool =c:\lotus\notes\notes.ini show keys -k c:\lotus\notes\data\keyring.kyr
    kyrtool =c:\lotus\notes\notes.ini show certs -k c:\lotus\notes\data\keyring.kyr
  7. Back up your old .kyr and .sth files, shut down the server, copy over your new keyring and stash files, restart the server, and check out the results!

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up