Andrew Pollack's Blog
Technology, Family, Entertainment, Politics, and Random Noise| Professional Services | Second Signal | Presentations | Andrew's Blog | Support |
First look at a new free Domino SSL certificate tool
By Andrew Pollack on 12/01/2014 at 05:19 PM ESTI've coded something that I plan to release to the community if there is enough interest. It's designed to make the process of getting SHA2 certificates a little easier. I've had to request a fair number of these recently and the command line stuff is tedious and it's easy to make mistakes or misplace the various files. This tool uses the same steps as the process IBM documents and the same tools. You still have to install openSSL and the kyrtool update on your 9.x Admin client machine. The tool checks to make sure all this is in place before it tries to do anything. Essentially, this is just a front end for a scripting tool.
This screen shot represents a "working prototype" -- and if there is enough interest, I'll finish cleaning it up and making it a little prettier and then letting it out there.
Workflow is like this:
1. Fill in the various CA required fields.
2. Click "Generate CSR" -- at this point, the keypair is generated and a certificate request is generated. The CSR is place in a text field labeled "CSR".
3. Copy the text in the CSR and give it to your SSL provider. Go through their validation process.
4. The SSL provider will give you back your certified "Leaf" certificate, their CA trusted root certificate, and often one or more "intermediate certificates". You paste each of these into the labeled text fields.
5. Click "Generate Keyring"
6. Domino's KYR and STH files are created. They'll be saved as file attachments to this main document. You can then deploy them.
I like the idea of using a single document for this and keeping all the parts on that document so that if you need to you can always re-generate the files. It also makes it easy to find them in the database by subject name.
Tell me what you think.
my wasted time with kyrtool and openssl. Thanks
manage a number of SSL certificates, all from the same provider, it would be
useful to be able to save the root and intermediate certificates for future
re-use, so I can just apply them all with 'one hit'
different text files and order of certificates out of the process. Please make
it public. :-)
By the way. Would it be possible for this tool to provide an interface for
working with a certificate not issued to a Domino?... Something that we often
meet with wildcard certificates that are issued to IIS or Apache servers and
then has to be "ported" to a kyr file.
for 9.0.1 FP2
fixpack or in 9.0.2 -- but I think it was smart to roll out what they could the
minute the could in this case.
Thanks for sharing & drop me a note if you have any questions on how to add it
on OpenNTF :)
really would like this tool.
;-)
in terms of transparency and a basic protocol feature.
Other Recent Stories...
- 01/26/2023Better Running VirtualBox or VMWARE Virtual Machines on Windows 10+ Forgive me, Reader, for I have sinned. I has been nearly 3 years since my last blog entry. The truth is, I haven't had much to say that was worthy of more than a basic social media post -- until today. For my current work, I was assigned a new laptop. It's a real powerhouse machine with 14 processor cores and 64 gigs of ram. It should be perfect for running my development environment in a virtual machine, but it wasn't. VirtualBox was barely starting, and no matter how many features I turned off, it could ......
- 04/04/2020How many Ventilators for the price of those tanks the Pentagon didn't even want?This goes WAY beyond Trump or Obama. This is decades of poor planning and poor use of funds. Certainly it should have been addressed in the Trump, Obama, Bush, Clinton, Bush, and Reagan administrations -- all of which were well aware of the implications of a pandemic. I want a military prepared to help us, not just hurt other people. As an American I expect that with the ridiculous funding of our military might, we are prepared for damn near everything. Not just killing people and breaking things, but ......
- 01/28/2020Copyright Troll WarningThere's a copyright troll firm that has automated reverse-image searches and goes around looking for any posted images that they can make a quick copyright claim on. This is not quite a scam because it's technically legal, but it's run very much like a scam. This company works with a few "clients" that have vast repositories of copyrighted images. The trolls do a reverse web search on those images looking for hits. When they find one on a site that looks like someone they can scare, they work it like ......
- 03/26/2019Undestanding how OAUTH scopes will bring the concept of APPS to your Domino server
- 02/05/2019Toro Yard Equipment - Not really a premium brand as far as I am concerned
- 10/08/2018Will you be at the NYC Launch Event for HCL Domino v10 -- Find me!
- 09/04/2018With two big projects on hold, I suddenly find myself very available for new short and long term projects.
- 07/13/2018Who is HCL and why is it a good thing that they are now the ones behind Notes and Domino?
- 03/21/2018Domino Apps on IOS is a Game Changer. Quit holding back.
- 02/15/2018Andrew’s Proposed Gun Laws
:o) I, for one, would be interested in the tool. Thank you for all your hard
work!