How to import a wildcard SSL certificate into a Domino Key Ring

Some customers are using wildcard SSL certificates in their environments and want to use them for accessing the Domino environments via Traveler and WebMail.

What you’ll need:

To use those wildcard certificates you have to go through the following steps (I did this on my Windows machine):

First you have to export the wildcard certificate from the PFX file:

c:\openssl\bin\openssl pkcs12 -in <path-to-pfx> -out <path-to-pem> -nodes -chain

This generates the PEM file named with -out.

You can open this file with, for example, Notepad++; it contains all intermediates, root certificates and also the private key.

In my case the PEM file now contained the private key, the certificate, the intermediate and the root certificate. To go on, I created a new text file and copied the content of the PEM file over in the following order:

  • Private Key
  • Certificate
  • Intermediate
  • Root

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGD6iM7Iy3/HiM
nycokfClcGJFyZKe4v4/IUkyk0v3QL6BYK7DD7rwhVZuw3pZR0xoWxhSRcvvIu4+

8MUpwBcupWYaenmNS7I3Cjl9
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIGLDCCBRSgAwIBAgIQAzd7X8XQJcXgZnTANeHbkjANBgkqhkiG9w0BAQsFADBe

/vHWeVw5Nq/NMQviqIHFENIegFiZ1Yh0LVvLfhPRDNG6304UBuPsqJmgT74q4nh8
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEizCCA3OgAwIBAgIQCQ7oxd5b+mLSri/3CXxIVzANBgkqhkiG9w0BAQsFADBh

vmi7pkqyZYULOPMIE7avrljVVBZuikwARtY8tCVV6Pp9l3VeagBqb2ffgqNJt3C0
TYNYQI+BXG1R1cABlold
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh

pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
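The manual copy step can also be scripted. The following Python is an added example, not part of the original post and not code from KyrTool or OpenSSL: it takes the text of the PEM file written by openssl, drops everything outside the BEGIN/END blocks (such as "Bag Attributes" lines), and returns the blocks in the order listed above by matching each certificate's issuer to the next certificate's subject. The function names are hypothetical, and it assumes an unencrypted key (as produced with -nodes) and a bundle that contains exactly one chain.

```python
import base64, re

# Added example: helper names are hypothetical, not part of KyrTool or OpenSSL.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject names of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)    # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # tbsCertificate SEQUENCE
    fields = []                     # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:             # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def order_for_kyrtool(pem_text):
    """Return PEM text ordered: private key, certificate, intermediates, root."""
    keys, certs = [], []
    for label, body in PEM_RE.findall(pem_text):  # text outside blocks is dropped
        b64 = "".join(body.split())
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        block = "\n".join(["-----BEGIN %s-----" % label, *lines, "-----END %s-----" % label, ""])
        if label.endswith("PRIVATE KEY"):
            keys.append(block)
        elif label == "CERTIFICATE":
            issuer, subject = issuer_subject(base64.b64decode(b64))
            certs.append((issuer, subject, block))
    if len(keys) != 1 or not certs:
        raise ValueError("need exactly one private key and at least one certificate")
    issuers = {c[0] for c in certs if c[0] != c[1]}     # names that issued another cert
    leaves = [c for c in certs if c[1] not in issuers]  # the cert that issued nothing
    if len(leaves) != 1:
        raise ValueError("bundle does not form a single chain")
    by_subject, chain = {c[1]: c for c in certs}, leaves
    while chain[-1][0] in by_subject and chain[-1][0] != chain[-1][1] and len(chain) < len(certs):
        chain.append(by_subject[chain[-1][0]])          # follow issuer -> subject
    if len(chain) != len(certs):
        raise ValueError("bundle does not form a single chain")
    return "".join(keys + [c[2] for c in chain])
```

Pass the content of the openssl output file to order_for_kyrtool() and save the result as the text file that is handed to kyrtool. Like the PEM file itself, that text file holds the private key unencrypted because of -nodes, so keep both files access-restricted and delete them once the key ring has been created.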

To check that everything is fine, you can verify the file with the KyrTool by entering the following command:

C:\HCL\Notes>kyrtool.exe verify c:\wildcard\wildcard.txt

If you don't receive any error: Congrats!!

Now you're ready to create a KYR file, import the content of the text file (in this case it was "wildcard.txt"), move the KYR and STH file to your Domino Server, customize the setting in the Server Document/Website, restart your HTTP server and grab a beer.

How to generate the KYR file, … is documented here (starting at 5.)