This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


Apr 15, 2015, 2:17 PM
1 Posts
Resolved

Create cross certificate with AD web service certificate

  • Category: Administration
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags: cross AD ADFS SAML
  • Replies: 5

Hi all

I am integrating Domino and AD through the ADFS service to authenticate to the Domino web services. I used the document "SHOW100: AD + SAML + Kerberos + IBM Notes and Domino = SSO" and reached the step "Creating SSL Cross Certs".

I imported the Internet certificate from the ADFS host into the Domino server, but it is impossible to make a cross certificate with the Domino organization certifier.
What am I doing wrong?

I get the message:

"A cross certificate will not be made due to key usage restrictions in the input certificate."

Thanks.

 

Nov 23, 2015, 4:22 AM
32 Posts
A cross certificate will not be made due to key usage restrictions in the input certificat...

When attempting to cross certify the ADFS server SSL certificate in Domino, I get the same error message "A cross certificate will not be made due to key usage restrictions in the input certificate".

The exported key was made following the instructions in "SHOW100 : AD + SAML + Kerberos + IBM Notes and Domino = SSO!" from Connect2014. 

The key is at the server level i.e. Issued to: adfs.myservername.com and Issued by is Geo Trust DV SSL CA-G4 - any clues? 

Domino 9.0.1 FP4 and ADFS 2012 R2

Jun 14, 2016, 8:42 PM
1 Posts
Same error but with Windows 2012 R2 and self-signed

Hello everybody!

Please, could you help me?

I am facing the same problem but with a SELF-SIGNED certificate. When I try to run the cross certificate I get the same error below:

"A cross certificate will not be made due to key usage restrictions in the input certificate"

The difference in the environment is that I use Windows 2012 R2, so it comes with ADFS version 3.0. But I am using SAML version 2.0 in order to get ADFS working with Domino.

I have read many documents on the internet but I cannot find exactly the procedure that I need for Windows 2012 R2. As far as I have read, IIS (Internet Information Services) is no longer necessary to configure ADFS, and IIS is NOT even installed by default in Windows 2012 R2.

I would very much like to know what Daniel Nashed did to successfully configure ADFS on Windows 2012 R2, because according to his blog "the configuration is very similar but you cannot use the cookbooks 1:1."

Find his post -> http://blog.nashcom.de/nashcomblog.nsf/dx/domino-federarted-web-login-saml-with-f5-and-adfs-3.0.htm

My environment:

Domino 9.0.1 64-bit with Fix Pack 6 running on SUSE Linux 12 64-bit;

Windows Server 2012 R2 with ADFS 3.0.

 

Any ideas or comments are welcome.

 

Thanks and Regards,

OdiLo

Sep 26, 2016, 2:23 PM
1 Posts
Same error but with Windows 2012 R2 and self-signed

Hello Odilo,

Have you solved this problem?

Thank you in advance.

 

Best regards,

Milan

