Lotus Notes FAQ

How do you import a wildcard domain certificate into Domino?

From Ninke Westra:

Create a server keyring (.kyr) file, for example using the certsrv.nsf database that's present on just about every server. It doesn't matter whether it's on the server that you want to use the keyring with or not, since the keyring file is created locally on your client, not on the server.

Select Create Key Rings & Certificates in the navigator and click 1. Create Key Ring
Under Keyring information you enter the filename (keyring.kyr) and password that you want to set for this keyring file.
For Keysize you can select a keysize that will be used when creating certificate requests using this keyring.
Distinguished Name has some mandatory fields:
  Common Name: your server's fully qualified hostname (when generating a certificate request) or *.domainname for a wildcard request
  Organization: Organisation name
  Organizational Unit: (optional)
  City: (optional)
  State: Province/State
  Country: Two letter country code.

The next step is 3. Install Trusted Root Certificate into Key Ring
Under Certificate Information, enter an identifying label for the certificate signer's certificate.
You can choose to either import the root certificate from a .crt/.cer file or paste from clipboard.
Click Merge Trusted Root Certificate into Key Ring
Enter the password you picked at step 1. (create key ring)
To import existing wildcard certificates (PKCS12 format, .pfx/.p12 file) into a Domino keyring file you need IBM's [ftp] GSK5 IKeyMan.
(I read somewhere that this tool might not work in Windows 2003/Vista+ but I cannot confirm that.)

Extract the gsk5-ikeyman.zip file into a directory that has no spaces in the name (I used C:\gsk5)
Start the command line shell, change directory to the directory where you extracted gsk5 to and execute the following command: gskregmod.bat Add
Next run IKeyman by executing runikeyman.bat.
Open the keyfile.kyr file that we created earlier and enter the keyring password.
Select Personal certificates and click Import

Select the wildcard certificate file (.pfx/.p12) and enter the certificate's password.

Shut down IKeyman and copy the keyfile.kyr and matching keyfile.sth to your Domino server's data directory.

Configure your Domino server to use this keyring file and restart the http task (or restart domino).

Applies to Notes Versions: 7
Last Modified: March 23, 2010
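
The Common Name step above accepts either a fully qualified hostname or *.domainname. As an added example (not part of the original answer), the Python below shows which server hostnames a wildcard Common Name covers under the usual leftmost-label matching rule; the function names and the example.com hostnames are constructed for illustration, and the rejection of partial wildcards and of names like *.com is a conservative assumption.

```python
# Added example: which hostnames a certificate Common Name covers.
# Assumed rule: the common leftmost-label wildcard match (RFC 6125 style).
# Hostnames are constructed samples, not values from the FAQ.

def cn_covers(common_name: str, hostname: str) -> bool:
    """Return True if a certificate Common Name covers the hostname."""
    cn = common_name.strip().rstrip(".").lower()
    host = hostname.strip().rstrip(".").lower()
    if not cn or not host:
        return False
    if "*" not in cn:
        # Plain FQDN certificate: exact, case-insensitive match only.
        return cn == host
    cn_labels = cn.split(".")
    host_labels = host.split(".")
    # The wildcard is honoured only as the entire leftmost label.
    if cn_labels[0] != "*" or any("*" in label for label in cn_labels[1:]):
        return False
    # Conservative choice: need two fixed labels, so "*.com" is refused.
    if len(cn_labels) < 3:
        return False
    # "*" stands for exactly one non-empty label, never zero or several.
    if len(host_labels) != len(cn_labels) or not host_labels[0]:
        return False
    return host_labels[1:] == cn_labels[1:]


def coverage_report(common_name: str, hostnames: list) -> dict:
    """Map each hostname to whether the Common Name covers it."""
    return {host: cn_covers(common_name, host) for host in hostnames}


# Constructed hostnames a Domino administrator might serve over SSL.
SAMPLE_HOSTS = [
    "mail.example.com",     # covered: one label under the domain
    "Web.Example.com",      # covered: matching ignores case
    "example.com",          # not covered: the bare domain has no label for "*"
    "a.mail.example.com",   # not covered: "*" does not span two labels
    "mail.example.org",     # not covered: different domain
]

if __name__ == "__main__":
    for host, ok in coverage_report("*.example.com", SAMPLE_HOSTS).items():
        print(f"{host:22} {'covered' if ok else 'NOT covered'}")
```

Hostnames reported as not covered need their own certificate or a separate keyring entry; the wildcard keyring alone will produce name-mismatch warnings for them.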