Hi,

I recently had to recereate a self-signed internet certificate on a Domino 9.0.1 FP4 HF70 with Traveler following this document http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21193730

I used a SHA256 algorithm to create it with a 2048 key. Followed the document and all works fine (IBM Verse on phone an tablet using https to access the server).

My first test was to access the Traveler Domino server with Firefox from my PC : https://srvtrv/traveler and i had to log in. Just to check that access is possible.

 

I few days after i had to do the same on another Domino/Traveler server, also Windows 2008R2. Same Domino version; i followed the same document, used the same values, etc...

BUT, either FF or Chrome says that te server still use SSLv3 (error "ssl_error_unsupported_version") or "ERR_SSL_VERSION_OR_CIPHER_MISMATCH".

I added "DISABLE_SSLV3=1" to the notes.ini and IE11 which previously sent me also an error, now prompts to login !

I checked the two servers, no obvious difference.

So, my question is: appart from the .kyr et .sth file that are created, is there somewhere something else that could faultly indicate that the server is not using the internet certificate i want it to use ?

I red that aother tools are available to create the certificate (OpenSSL and KYRTool) but i wonder it should be the problem as my first server doesn't cause any trouble.

 

TIA for any advice/help,

Yan