This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Jennifer Nonresazenakol
Feb 6, 2017, 3:05 AM
12 Posts

Third Party CA Compatibility

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator,End User
  • Tags: domino,ca,keyring,third-party,cert,SSL,verse
  • Replies: 3

Dear IBM Admins,

This is not for promotion but we need the latest and compatible third-party CA to integrate with Domino environment.

Previously, I was working with a free trial third-party CA and not able to integrate with Domino (keyring and etc) and the company is planning to buy a 3rd-party CA subscription.
Can you suggest the latest and compatible 3rd-party CA for Domino / Traveler usage?

There are also no updated datasheet or matrix guide to refer.

Please advise.

Thanks and best regards,
Mike

~Autumn Churezenli
Feb 8, 2017, 3:47 PM
20 Posts
RE
Hi Mike,

Domino/Traveler doesn't really care about who is the certificate authority.  The question really is does the device and browser recognize the Certificate Authority as a third party CA, this isn't something Domino/Traveler Support can answer but should be answered by the device/browser/certificate support.

iOS list of available trusted root certificates:
https://support.apple.com/en-gb/HT203065

If you want to see trusted CA in Android take any device and go to Settings> Security>trusted credentials:
https://images2.wondershare.com/answer_step/2015/0507/680x420_20150507003304964208901.png

Put it simply if some particular device/OS does not trust some certificate authority Domino/Traveler Support cannot do much with that.

--------------------------------------

How to set up SSL using a third-party Certificate Authority (CA)

Question
You have decided to use a third-party certificate authority such as Verisign, Entrust, or Thawte for SSL setup on a Domino server. What steps do you take to do so:

How to set up SSL using a third-party Certificate Authority (CA)
http://www-01.ibm.com/support/docview.wss?uid=swg21268695
~Jennifer Nonresazenakol
Feb 9, 2017, 11:55 AM
12 Posts
RE

This is noted.

 

I already inquired with Certificate Authorities and requested a trial certificate. 

Now it works and able to determine which CA can be used.

 

I hope IBM  can also update third-party CA or collaborate with each other. There are guides is no longer valid since Domino 9 versions are being used.

AFAIK, the built-in Certificate Request on Domino 9+ is no longer compatible with the creation of keyring  and unsuccessfully integrate of 3rd party certificates with Domino.

 

But this is greatly appreciated, thank you!

 

~Vera Zekfoogengon
Feb 13, 2017, 11:43 PM
196 Posts
IBM support for 3rd party CA

I don't think there is any intention to go back to supporting Certsrv.nsf as the means of generating a keyring and merging an independently signed certificate into the keyring.  kyrtool has taken the place of Certsrv.nsf.  


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal