HCL Notes and Domino 9.0 Social Edition Forum - Problems importing wildcard certificate for SSL iNotes usage

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Share ▼
Subscribe ▼

~Mario Minnimarakoi

Sep 2, 2013, 11:02 AM

2 Posts

Problems importing wildcard certificate for SSL iNotes usage

Category: iNotes
Platform: Linux
Release: 9.0
Role: Administrator
Tags: SSL WILDCARD SHA256
Replies: 4

I have a wildcard certificate for my domain used for company web server (IIS7).

I want to import this certificate to domino in order to use SSL when our users access their email.

On the internet I found a lot of documentation but none of them helped me to solve the problem.

Basically I started with the guide from turtleweb http://www.turtleweb.com/turtleblog.nsf/dx/11022009232215GDAVGR.htm?opendocument&comments .

My questions:

- is there any program other that very old (and unusable on modern certificates) gsk5-ikeyman which properly works with IBM .kyr keyring container? My certificate is Keylength: 2048, signature algorithm:SHA256RSA from Geotrust and what i found after a lot of tests is that gsk5-ikeyman does not support SHA256. The majority of internet certifiers now switched to sha256 signature. The newer versions of ikeyman does support SHA256 but doesn't know how to handle .kyr container.

Anyway I loose a lot of time trying to resolve this problem and it's frustrating.

Please help with any ideas..

Regards,

Adrian

~Tip Chujipymaretsi

Sep 3, 2013, 10:18 PM

19 Posts

Suggestion

Did you try the new HTTP server which comes with IBM Domino 9?
See http://xpagetips.blogspot.com/2013/05/setting-up-ibm-http-server-with-domino-9.html and http://xpagetips.blogspot.com/2013/05/setting-up-tls-ssl-for-ibm-http-server_30.html

~Zach Nonboosipuletsi

Sep 4, 2013, 6:36 AM

36 Posts

Reverse proxy

Try nginx as reverse proxy

~Mario Minnimarakoi

Sep 4, 2013, 2:24 PM

2 Posts

Thank you for suggestions

My first choice was to install IBM Http via Domino setup. But surprise... It's only available on Windows (forgive me IBM I'm using linux).

Now I will try with nginx reverse proxy.

~Vanessa Minboosiburoden

Oct 21, 2014, 8:18 PM

12 Posts

SHA2 works but TLS for Windows and Unix use tips

SHA2 works but TLS for Windows and Unix use tips

I guess in the context of Poodle TLS not SHA-2 is critical, but anyway here is how to get SHA-2 working with Domino 9 without IBM HTTP.

http://www.infoware.com/?p=1592
TLS is NOT SOLVED by this only SHA-2.

For Windows use IHS integration

For unix look at this link http://blog.darrenduke.net/darren/ddbz.nsf/dx/here-is-a-freely-available-vm-to-reverse-proxy-domino-shoot-the-poodle.htm

Regards
Mats

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Share ▼
Subscribe ▼