Dear David,

1. I am creating a new certificate.

2. I followed the steps from here: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool i.e. key, csr and pem created on Linux. kyr, txt and sth created on Windows client.

3. No, I have Notes 9.0.1 FP3 with no interim fix. I will download the latest I.F., update my client and try again.

4. No, I have not opened a PMR. However, if I do not find a solution here, I will do so.

Update:

I downloaded existing kyr and sth files from two production servers (I created these files on the 6th March and on the 7th April 2015) and ran the command "C:\Lotus\Notes>kyrtool =c:\lotus\notes\notes.ini show certs" on them. It was unsuccessful and caused my client to crash. (When I created them back then, my client did not crash)

I also uploaded the new certificates that were causing my client to crash on a test server and checked it on the following websites:
https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
https://www.sslshopper.com/ssl-checker.html
https://www.digicert.com/help/
As you can see from the screen shots, it appears OK (apart from the domain mismatch, which is OK since it is a test server)

Dear Dave, I will try to install the latest fix and if it still does not work, I'll send you the pem file. Btw, how can I do this?

Thank you both for your help and advice.

Dear Dave and David,

I downloaded and installed Notes 9.0.1 Fix Pack 3 Interim Fix 4 and tried the kyrtool again.

It did not cause any crash.

Thanks a lot :-)

Hi there,

I have Notes 9.0.1FP3 installed (Client+Designer+Administrator) on my computer.

I am trying to create an SSL certificate for my server, following the steps from: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool

It all goes well until the last step. See what I get below:

c:\Lotus\Notes>kyrtool =c:\lotus\notes\notes.ini show certs -k c:\lotus\notes\data\xxx_080515.kyr

Using keyring path 'c:\lotus\notes\data\xxx_080515.kyr'

Certificate #0

Subject:        CN=mail.xxx.com/O=XXX/ST=XXX/C=XX
Issuer:         CN=mail.xxx.com/O=XXX/ST=XXX/C=XX
Not Before:     08/05/2015 11:04:53
Not After:      05/05/2025 11:04:53
Key length:     4096 bits

[0FB0:0002-2434]  Thread=[0FB0:0002-2434]
[0FB0:0002-2434] Stack base=0x001ADF40, Stack size = 9480 bytes
[0FB0:0002-2434] PANIC: LookupHandle: handle out of range

c:\Lotus\Notes>

Can anybody please help?

The kyrtool is version 1.1

I have tried it on a colleague's client (Notes 9.0.1 Fix pack 2) and got the same result.

My Domino server has a RHEL Linux OS and I generated the key, csr and pem files there.

My computer's OS is Windows 7 Professional 64 bit SP1 and my colleague's OS is Windows 8.1

I also tried the same thing on a Lotus 8.5.3 client and this time it displayed the certificate (until the "-----END CERTIFICATE-----" line)... but then afterwards the client crashed...