I decided to soldier on and try Kyrtool. I am using 3rd party CA - RapidSSL.

When applying on CA site I was unclear whether to identify my server as Lotus Domino  or IBM HTTP. I took a guess and chose IBM HTTP.

I received my server certificate and one intermediate certificate from my CA (RapidSSL) in an email and then I merged them into 1 file - server.txt.

Then I executed:  kyrtool =c:\lotus\notes\notes.ini verify c:\lotus\notes\data\ssl\server.txt

This is the result:

No private key found in input file

ERROR: No private key found in c:\lotus\notes\data\ssl\server.txt

INFO: Successfully read 2 certificates

INFO: Issuer Name of cert 0 matches the subject name of cert 1

WARNING: Final certificate in chain is not self signed

Any suggestion as to where I have gone wrong?

Thank You

Update #1: I had not  merged the server.key file into the server.txt. I just now merged it - server.key + sever.pem + intermediate.pem==>server.txt

The verify tool is now happy - except the final warning is still in place - "Final certificate in chain is not self signed". Is that an issue?

Update #2:  Added a Global Certificate from CA into server.txt. Now kyrtool verify  passes with no warning. Onto the next step!

Google chrome displays a green lock in the browser. Good.

When clicking on on the lock though  it says: Your connection is encrypted with obsolete cryptography

Here are some of the certifcate details

Signature algoithm  sha256RSA
Signature hash algorithm sha256
Thumbprint algortithm sha1

What can I do to make Google chrome not describe my brand new certificate as obsolete? I am under the impression that my certificate uses SHA-2