Notes/Domino 6 and 7 Forum



Marty Rouse 7.Mar.13 02:19 PM a Web browser
Domino Administrator All Releases All Platforms


All,

After some MAJOR headaches, I was able to renew my SSL certificate. Not only did I run into the dreaded 2048 encryption strength (which the 7.x csrv50.ntf doesn't support) but also the MD5 crap! (Most require SHA-1)

Unbelievable, right? Jeez. But have no fear. I have it figured out with a bunch of help from this article:

http://www-10.lotus.com/ldd/nd85forum.nsf/5049ee164c54799785256bff00519260/f077f707e7952afe8525789c007cc7e1?OpenDocument

The only difference in this article and what I actually did is to use a -sha1 switch on one of the openssl statements, and submit the CSR to Verisign. Other than that, the steps are pretty much the same. But here they are simplified. And I sure hope you have a Linux server :) If not, I don't have a good solution. Also, keep in mind. I am not a Linux admin at all and have no real experience with SSL. I am a programmer. So, some of the below terminology may not be correct.

1. Login to your Linux server console.
2. Issue this command: openssl genrsa -des3 -out serverName.key 2048 -sha1. Enter a passphrase
3. OK. Now, you should have a serverName.key in your home directory.
4. Now, issue this command: openssl req -new -key serverName.key -out serverName.csr. Enter the passphrase.
5. Enter in your CSR information for renewal (ie. country, etc)
6. Now, open up the serverName.csr file (In your home directory) and paste into Verisign's CSR request (or other 3rd party, I guess...Assuming it will work the same)
7. Get back your certificate, and create a serverName.crt file with the contents. Copy up to your home directory.
8. Now, issue this command: openssl pkcs12 -export -in serverName.crt -inkey serverName.key -out serverName.p12. Enter the passphrase.
9. Now, download this (from the article): ftp://ftp.software.ibm.com/software/lotus/tools/Domino/gsk5-ikeyman.zip. I tried Windows 7 to no avail. But it worked on XP. I know. Yet another hoop.
10. Extract file. Start a DOS prompt. Change directory to extracted file directory.
11. Run gskregmod.bat Add (make sure Add is proper)
12. Now, type runikeyman.bat
13. Open your serverName.kyr file from your server. (I would recommend copying it down first and backing up the good one) Enter your passphrase.
14. Now, click 'Export/Import'. Select 'Import Key' and browse to serverName.p12. Type in your passphrase
15. Close ikeyMan, and copy the serverName.kyr and serverName.sth files back up to your server. This should do it!

** NOTE. No need to open Server Certificate Admin. The CSR you will generate is no good (because MD5) and if Domino 7.x, no 2048. You can, of course, download the Domino 8.x template, but it still encrypts using MD5 **
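
Added example, not part of the original post: a shell check for the two problems the post describes, key size and an MD5-signed CSR, run over the text dump of the CSR before it is submitted to the CA. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Function names and sample dumps are constructed.
# The digest that signs a CSR is chosen on `openssl req` (e.g. -sha1), so the
# CSR is the place to check it.

# Reads `openssl req -noout -text` output on stdin; $1 = minimum key bits.
# Returns 0 when the key is large enough and the signature is not MD5-based.
check_csr_text() {
    min_bits=${1:-2048}
    text=$(cat)
    # Matches "Public-Key: (2048 bit)" and the older "RSA Public Key: (2048 bit)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    sig=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *\([A-Za-z0-9-]*\).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ -z "$sig" ]; then
        echo "FAIL: key size or signature algorithm not found"
        return 1
    fi
    rc=0
    if [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key is $bits bits, need at least $min_bits"
        rc=1
    fi
    case "$sig" in
        md5*) echo "FAIL: CSR is signed with $sig"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $bits-bit key, $sig"; fi
    return "$rc"
}

# Same check against a CSR file, e.g. serverName.csr from step 4.
check_csr_file() {
    openssl req -in "$1" -noout -text | check_csr_text "${2:-2048}"
}

# Constructed dumps: $1 = key bits, $2 = signature algorithm name.
sample_csr_text() {
    printf 'Certificate Request:\n    Data:\n'
    printf '        Subject: CN=serverName.example.com\n'
    printf '            Public Key Algorithm: rsaEncryption\n'
    printf '                Public-Key: (%s bit)\n' "$1"
    printf '    Signature Algorithm: %s\n' "$2"
}

if [ "$#" -gt 0 ]; then check_csr_file "$@"; fi
```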






SSL Certificate Renewal- How To On ... (Marty Rouse 7.Mar.13)
. . RE: SSL Certificate Renewal- How To... (Sandy James 11.Mar.13)
. . . . RE: SSL Certificate Renewal- How To... (Sandy James 14.Mar.13)
. . RE: SSL Certificate Renewal- How To... (Mark S Feinman 10.Jun.13)




