How to import a wildcard SSL certificate into a Domino Key Ring


Some customers are using wildcard SSL certificates in their environments and want to use them for accessing the Domino environments via Traveler and WebMail.

What you’ll need:

To use those wildcard certificates you have to go through the following steps (I did this on my Windows machine):

First you have to export the wildcard certificate from the PFX file:

c:\openssl\bin\openssl pkcs12 -in <path-to-pfx> -out <path-to-pem> -nodes -chain

This generates the PEM file; because of -nodes, the private key in it is not encrypted.

You can open this file, for example with Notepad++, and you will see all intermediates, root certificates and also the private key.

In my case the PEM file now contains the private key, the certificate, the intermediate and the root certificate. To go on, I created a new text file and copied the content from the PEM file over, in the following order:

  • Private Key
  • Certificate
  • Intermediate
  • Root

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGD6iM7Iy3/HiM
nycokfClcGJFyZKe4v4/IUkyk0v3QL6BYK7DD7rwhVZuw3pZR0xoWxhSRcvvIu4+

8MUpwBcupWYaenmNS7I3Cjl9
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIGLDCCBRSgAwIBAgIQAzd7X8XQJcXgZnTANeHbkjANBgkqhkiG9w0BAQsFADBe

/vHWeVw5Nq/NMQviqIHFENIegFiZ1Yh0LVvLfhPRDNG6304UBuPsqJmgT74q4nh8
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEizCCA3OgAwIBAgIQCQ7oxd5b+mLSri/3CXxIVzANBgkqhkiG9w0BAQsFADBh

vmi7pkqyZYULOPMIE7avrljVVBZuikwARtY8tCVV6Pp9l3VeagBqb2ffgqNJt3C0
TYNYQI+BXG1R1cABlold
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh

pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
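
The copy-and-reorder step can also be scripted. The following is an added example, not part of the original post: it pulls the PEM blocks out of the exported file, drops any attribute text between them and returns them with the private key first. The function names and the sample data are constructed for illustration, and it checks the layout only, so kyrtool verify is still needed afterwards.

```python
import base64
import re

# One PEM block; the label must be identical in the BEGIN and END marker.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def build_kyrtool_input(pem_text):
    """Return the PEM blocks as: private key first, then the certificates.

    Certificates keep their input order, so the input must already list
    them as certificate, intermediate, root. Checks layout only.
    """
    if re.search(r"[\u2013\u2014]+ ?(BEGIN|END) ", pem_text):
        raise ValueError("typographic dashes in a PEM marker; use five ASCII hyphens")
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
            raise ValueError("private key is encrypted; export it with -nodes")
        base64.b64decode("".join(body.split()), validate=True)  # damaged body raises
        block = match.group(0).replace("\r\n", "\n")
        if label in KEY_LABELS:
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    if len(keys) != 1:
        raise ValueError("expected exactly one private key, found %d" % len(keys))
    if not certs:
        raise ValueError("no certificate found")
    return "\n".join(keys + certs) + "\n"


def sample_block(label, payload):
    """Constructed stand-in for a PEM block; the payload is not real key material."""
    body = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


# Constructed input shaped like a PFX export: attribute text, key last.
SAMPLE = (
    "Bag Attributes\n    friendlyName: constructed\n"
    + sample_block("CERTIFICATE", b"constructed-leaf")
    + sample_block("CERTIFICATE", b"constructed-intermediate")
    + sample_block("CERTIFICATE", b"constructed-root")
    + "Bag Attributes\n    localKeyID: 00\n"
    + sample_block("PRIVATE KEY", b"constructed-key")
)

if __name__ == "__main__":
    print(build_kyrtool_input(SAMPLE), end="")
```

The typographic-dash check catches markers that were pasted from a web page or word processor, where the five hyphens are often replaced by long dashes.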

To check that everything is fine, verify the file with the KyrTool by entering the following command:

C:\HCL\Notes>kyrtool.exe verify c:\wildcard\wildcard.txt


If you don't receive any error >> Congrats !!

Now you're ready to create a KYR file, import the content of the text file (in this case it was "wildcard.txt"), move the KYR and STH files to your Domino Server, customize the setting in the Server Document/Website, restart your HTTP server and grab a beer.

How to generate the KYR file, … is documented here (starting at 5.)
