198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
How much are your Domino Applications Worth? DAC Knows
Fri, Sep 29th 2017 5
What is this Watson Workspace thing?
Thu, Sep 28th 2017 7
Thanks Spamanda
Wed, Aug 16th 2017 3
Why Experts Save You Money
Thu, May 25th 2017 4
SnTT - WildCard SSL Certs and Domino....needs 32bit Windows?
Thu, May 25th 2017 6
To Tableau, or Not to Tableau
Wed, Mar 8th 2017 3
In Closing, the Connect CGS Speaker
Wed, Mar 1st 2017 1
Top 10
I am speaking at Social Connections VII in Stockholm
Mon, Sep 29th 2014 8
Don't Ship Shit! And Other Things learned from the #IBM #NewWayToWork LiveStream
Tue, Nov 18th 2014 8
Mission Tools: Lotus Quickr to IBM Connections Cloud
Tue, Jan 3rd 2017 7
What is this Watson Workspace thing?
Thu, Sep 28th 2017 7
The Cube Interview from IBM Impact
Thu, May 1st 2014 6
Fix my printer or why remote management..
Mon, May 26th 2014 6
My BlueMix Day of Coding
Thu, Sep 11th 2014 6
Have You Designed a Car without an Engine Today?
Thu, Oct 23rd 2014 6
Email vs. Status Updates, my slides from today
Thu, Apr 16th 2015 6
יבמ "Verse" עכשו בעברית
Mon, Aug 17th 2015 6


SnTT - WildCard SSL Certs and Domino....needs 32bit Windows?
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

This post is for me, and you, to make life easy. 

Some of you out there are only now adding SSL certificates to your servers, I know because you are asking me to help you, and so I present today's Show n Tell Tuesday post.

There are some excellent SSL and Domino posts on this topic already from Gab Davis, Mats Ekman and Sean Cull, IBM documentation is a bit lacking in this use case so I will not point you to it.

I used Gab's post a few times over the last few months and always in a situation where the customer had a stand alone (individual server) SSL certificate and you can't mess it up, well you could typo the syntax, but her post is the easiest way to get this accomplished. Thank you Gab!

However, a Wildcard SSL certificate is a little different and this is when I found Mat and Sean's post very helpful and I am taking from them to add my 2 cents.

Along the way of following their posts I found that the IBM required tool only runs on a 32 bit Windows environment. Let's just say were it not or my TV PC, I would have to create a VM just to run this tool. 

You have been warned.

Everything else runs on 64 bit and you will need your Domino server and your Admin Client accessible. 

This is how we include a wildcard 4096 bit cert issued from a registrar with a .PFX and .CSR file into Domino. (Always make sure to get the password used for the key, you WILL need it.)

What do you do with a .PFX file? You convert it into a .PEM file using OpenSSL.
What? Why? Never mind that now, but the steps to do the magic are below:

Steps:
1) Download the OpenSSL software (taken from Mat's post)
Homepage: https://www.openssl.org/source/
Easy precompiled: https://slproweb.com/products/Win32OpenSSL.html
The one Mat used: http://slproweb.com/download/Win64OpenSSL-1_0_2g.exe

2) Download the KYRTool (again taken from Mat's Post)
Fixcentral short: http://ibm.co/1SAYX5E
Fixcentral long: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ELotus&product=ibm/Lotus/Lotus+Domino&release=9.0.1.2&platform=All&function=fixId&fixids=KYRTool_9

3) Install the OpenSSL into its own directory

4) Go to C:OpenSSL-Win64binopenssl then run the openssl to get the command window you need so you can type in. (This took me a while to figure out, you are welcome):

5) this is all one line pkcs12 -in C:location of mypfxfileswildcard_company_com.pfx -out  c:somelocationwildcard_cmpany_com.pem -nodes -chain

Remember, Domino requires both the .KYR file and the .STH files to be placed inside the Dominodata directory.

As always have fun, ask for help when you need it and don't give up, as you can see, many of us have been in your shoes before.


---------------------
http://feedproxy.google.com/~r/LotusEvangelist/~3/KG7QSuKw5jQ/sntt-wildcard-ssl-certs-and-dominoneeds.html
May 25, 2017
7 hits



Recent Blog Posts
5
How much are your Domino Applications Worth? DAC Knows
Fri, Sep 29th 2017 1:53p   Keith Brooks
Most of you reading this are my Yellowverse bubble, BPs, consultants, advisers, fellow IBM Champions and a few friends so this will not be new news to you. To the few, the proud, the admins and executives who are blessing me with a few minutes of their time, this may come as huge news, or not. You already moved your mail to the IBM SmartCloud Notes cloud mail, humor me for a minute even if you have not yet. You are sitting on a small server farm or VM landscape supporting your core, enterprise
7
What is this Watson Workspace thing?
Thu, Sep 28th 2017 12:18p   Keith Brooks
IBM in recent days has made a number of announcements, some of which are more public than others, today I want to discuss Watson Workspace (WW) and Watson Wokspace Essentials (WWE). As the name implies, it is an Instant Mesaging (IM) program that, hang on, that's not right. Let's back up a second. Why the name Workspace? I have no idea, I thought it was a beta name. Seriously now, it is because the young generation of marketers were not born when us old people were using ICQ, AOL and other v
3
Thanks Spamanda
Wed, Aug 16th 2017 1:15p   Keith Brooks
Our fearless leader, cat herder, rock singer, crazy cat woman has been given a chance at even more greatness and is joining Salesforce. The "XI" forum inside there grows daily it seems. She got to know all of us pretty well while she ventured across the world for all the LUGs and other events that we all have partaken in over the years. Her efforts to make our experiences as Champions memorable paid off every time. When you consider the cult of personalities that we as a group exhibit, this i
4
Why Experts Save You Money
Thu, May 25th 2017 1:00p   Keith Brooks
Did you ever hear these from clients or prospective clients? "Your fees are too high!" "You want how much to do this?" "I can get a person for $10/hr why do we need you?" I have heard these, and many others too over the course of my career. Now let's hear how some others see this issue, these are general references not specific to anyone or anything. Sales advisors tell us it is because we have not sold the client on us and our solution that the price still matters. If they are not so
7
SnTT - WildCard SSL Certs and Domino....needs 32bit Windows?
Thu, May 25th 2017 9:03a   Keith Brooks
This post is for me, and you, to make life easy. Some of you out there are only now adding SSL certificates to your servers, I know because you are asking me to help you, and so I present today's Show n Tell Tuesday post. There are some excellent SSL and Domino posts on this topic already from Gab Davis, Mats Ekman and Sean Cull, IBM documentation is a bit lacking in this use case so I will not point you to it. I used Gab's post a few times over the last few months and always in a situa
3
To Tableau, or Not to Tableau
Wed, Mar 8th 2017 8:00p   Keith Brooks
This was the question I had as I reserved a space at the event held today here in Tel Aviv. I was supposed to go last year but was out of the country at the time.Nice view we had. Tableau is about data visualization. yes the same stuff we did 30 years ago with 1-2-3 or Excel but smooth, "simple" and flexible to work with many, many forms of data. They went public in 2013 and since have steadily grown in awareness and revenue. Tableau may not have been on everyone's radar but it is showing up
1
In Closing, the Connect CGS Speaker
Wed, Mar 1st 2017 8:57p   Keith Brooks
The closing session at IBM Connect this year was probably the most educational closing session I have listened to over the years. And that is a good thing because although some closers were motivational or inspirational or imaginative, the creative process often gets hidden in the final product. Eric Whitacre, who until the session I had not looked up or heard of, was very upfront about his motivations and goals/dreams and how all of them combine to help him fulfill his music efforts.Eric has c
1
Executive Upgrades of the Server Kind
Wed, Mar 1st 2017 3:42p   Keith Brooks
At Gurupalooza, the last day session of IBM Connect where the IBM Champions and Best Practices presenters answer audience questions, my friend Todd asked us something along these lines: “How do you convince an executive that feature packs must be installed and maintained like formal releases?" In today’s world, there are no formal releases. Your browsers update automatically, if you let them, your phones update apps automatically, again if you let them. So why should your servers or clients
3
Day 2 of Connect was Road Map Day for me
Fri, Feb 24th 2017 3:36a   Keith Brooks
The day opened with Mat's AdminBlast session which was so full of tips and ideas he could barely get to all of them and he laid out how he manages his team and uses all the resources he can from Notes, Domino, Connections, Watson, etc. Great effort and valuable training for new managers to get a great view of how they could be working. Usually the sessions are a secondary benefit, for people like myself that are involved in the product line for so long. We have various meetings, briefings, sid
4
One Firm's Wild Ride to the Cloud
Thu, Feb 23rd 2017 10:35p   Keith Brooks
My IBM Connect presentation is now posted on Slideshare. Thank you everyone for coming and your questions. One Firm's Wild Ride to The Cloud from Keith Brooks




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition