Dear David,
1. I am creating a new certificate.
2. I followed the steps from here: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool i.e. key, csr and pem created on Linux. kyr, txt and sth created on Windows client.
3. No, I have Notes 9.0.1 FP3 with no interim fix. I will download the latest I.F., update my client and try again.
4. No, I have not opened a PMR. However, if I do not find a solution here, I will do so.
Update:
I downloaded existing kyr and sth files from two production servers (I created these files on the 6th March and on the 7th April 2015) and ran the command "C:\Lotus\Notes>kyrtool =c:\lotus\notes\notes.ini show certs" on them. It was unsuccessful and caused my client to crash. (When I created them back then, my client did not crash.)
I also uploaded the new certificates that were causing my client to crash on a test server and checked it on the following websites:
https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
https://www.sslshopper.com/ssl-checker.html
https://www.digicert.com/help/
As you can see from the screenshots, it appears OK (apart from the domain mismatch, which is OK since it is a test server).
Dear Dave, I will try to install the latest fix and if it still does not work, I'll send you the pem file. Btw, how can I do this?
Thank you both for your help and advice.