4

I'm trying to use a multipurpose certificate on an infrastucture that contains a Domino 7 server. To accomplish this, I tried:

  1. Generate a CSR outside of Domino: I'm able to use the produced certificate everywhere but not on Domino because it requires to generate a keyring and the correspondent CSR
  2. Generate the keyring and the CSR in Domino: everithing (services) work well in Domino, but I'm not able to extract the private key to use the certificate for other purposes

For the attempt 2. I found that someone used a tool named IKEYMAN from IBM; it's been quite difficult to find a download for IKEYMAN. IKEYMAN can open a Domino keyring and export it to KDB format or in a .class; I was not able to use any of the formats IKEYMAN exports to extract the private key. Someone on Lotus forums says that he did the trick, but I'm missing something: in the keyring I was not able to find any private keys.

My question is: can I extract the private key from a Domino keyring? In the case of the need to use a tool, where exactly can I find this tool?

Andrea Colleoni
  • 141

2 Answers2

2

Here is the link to IBM's public Download site.. Hope it helps

ftp://ftp.software.ibm.com/software/lotus/tools/Domino/gsk5-ikeyman.zip

If the above link doesn't work, try this: https://ftpmirror.your.org/pub/misc/ftp.software.ibm.com/software/lotus/tools/Domino/gsk5-ikeyman.zip

martinist
  • 3
  • 3
Jeff Carnahan
  • 21
2

IBM support helped me on this one.

  1. Download the new key ring tool and save the appropriate version to program directory of your Notes client.

  2. kyrtool show keys -k <path to keyring file>

Panu Haaramo
  • 343