Some customers are using wildcard SSL certificates in their environments and want to use them for accessing the Domino environments via Traveler and WebMail.
What you’ll need:
- Current Notes Domino Admin client ( 9.0.1 FP3 + )
- OpenSSL ( https://www.openssl.org/source/ )
- Domino KyrTool ( is included in the current Domino releases )
- NotePad ++ ( https://notepad-plus-plus.org/downloads/ )
To use those wildcard certificates you have to go through the following steps ( I did this on my Windows machine ):
First you have to export the wildcard certificate from the PFX file:
c:\openssl\bin\openssl pkcs12 -in <path-to-pfx> -out <path-to-pem> -nodes -chain
This generates the following file:
You can open this file for example with NotePad++ and you will see the following content with all intermediates, root certificates and also the private key:
In my case you now have the private key, the certificate, the intermediate and the root certificate in the PEM file. To go on I created a new text file and copied the content from the PEM file over, in the following order:
- Private Key
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
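The copy-and-paste step can also be scripted. The following Python code is an added example, not part of the original post: it drops the "Bag Attributes" lines that openssl writes between the blocks, puts the private key first and keeps the certificates in the order of the export (an assumption); the function names and the sample input are constructed for illustration.

```python
import re

# One PEM block; text between blocks (the "Bag Attributes" lines that
# openssl pkcs12 writes) is not matched and therefore dropped.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

def split_pem(text):
    """Return [(label, block_text), ...] in file order."""
    return [(m.group(1), m.group(0).replace("\r\n", "\n"))
            for m in PEM_BLOCK.finditer(text)]

def key_first_bundle(text):
    """Private key first, then the certificates in the order of the export."""
    blocks = split_pem(text)
    keys = [b for label, b in blocks if label.endswith("PRIVATE KEY")]
    certs = [b for label, b in blocks if label == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    if not certs:
        raise ValueError("no certificate found in the export")
    return "\n".join(keys + certs) + "\n"

def pem_block(label, body):
    """Helper for the constructed sample below."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample in the shape of a "-nodes -chain" export; the bodies are
# placeholders, not real key or certificate data.
SAMPLE_EXPORT = (
    "Bag Attributes\n    friendlyName: wildcard\n"
    "subject=CN = *.example.test\n"
    + pem_block("CERTIFICATE", "UExBQ0VIT0xERVItTEVBRg==")
    + "Bag Attributes: <No Attributes>\n"
    + pem_block("CERTIFICATE", "UExBQ0VIT0xERVItUk9PVA==")
    + "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    + pem_block("PRIVATE KEY", "UExBQ0VIT0xERVItS0VZ")
)

if __name__ == "__main__":
    # -nodes leaves the key unencrypted, so the export and the rebuilt file
    # both need the same protection as the key itself.
    print(key_first_bundle(SAMPLE_EXPORT), end="")
```

The rebuilt file still has to pass the kyrtool verify step that follows.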
To check if everything is fine you can check with the KyrTool by entering the following command:
C:\HCL\Notes>kyrtool.exe verify c:\wildcard\wildcard.txt
If you don't receive any error >> Congrats !!
Now you're ready to create a KYR file, import the content of the text file ( in this case it was "wildcard.txt" ), move the KYR and STH file to your Domino Server, customize the setting in the Server Document/Website, restart your HTTP server and grab a beer.
How to generate the KYR file, … is documented here ( starting at 5. )