1
I have an IBM Lotus Domino install on Microsoft Windows. I am looking for the steps I need to follow to create a key ring and CSR for Lotus Domino,but I am unable to find an answer. Can anyone help me?
engiketer
Posted 2017-10-11T07:28:59.160
Reputation: 11
1
Please follow the steps below :-
Create a Keyring file
kyrtool ="c:\Program Files\IBM\Notes\notes.ini" create -k "c:\Program Files\IBM\Notes\data\keyring.kyr" -p password
Generate an RSA keypair using OpenSSL
openssl genrsa -out server.key 2048
The resulting keypair should not be password protected. This isn't a good security practice, so only perform these steps for production systems on a restricted access system believed to be secure. The resulting keypair should look like the following:
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAr9uZYZ1BrraxW1AdM1ecexiD2uaPxNKjS2p2p9pygUc/vU2d
rrqjj3tAybdkNEFcwQLY/eIZcEowHmhH0b9Ut5EOsMMxkB4vUHg6gWmse64wr2qx
5EmUfjZ/LDMDqnmFxTDvr2iiajZI/L/8thgwBEK2AEGhCppyvyo/mzvMua9j7I8G
[Many lines removed]
tuEe3JGUnHaWetQYOU6PmTKIgPpd3disflCJe8K1dzN8bEkQF2eZk/oODVHSHRyC
7Rw9zpLxTJmbd3iWW3+ZVHhpudYZrDE8NbaaiGMbfyfQBnSH1XbDHSveTxLOY3fo
+d9lePMThdnmme6b1v8X4sCuDKrFjoV5Veo4Qq8I+099hu3tTRq2zGpNPsg=
-----END RSA PRIVATE KEY-----
Generate a Certificate Signing Request (CSR) using OpenSSL
openssl req -new -key server.key(Key file name generated in the above command) -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
Country Name (2 letter code) [XX]:. State or Province Name (full name) []: Locality Name (eg, city) [Default City]:. Organization Name (eg, company) [Default Company Ltd]:. Organizational Unit Name (eg, section) []:. Common Name (eg, your name or your server's hostname) []:www.example.com Email Address []:
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
The output will look like the following below
-----BEGIN CERTIFICATE REQUEST-----
MIIEbDCCAlQCAQAwJzElMCMGA1UEAwwcdWx0cmF2aW9sZXQuc3dnLnVzbWEuaWJt
LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK/bmWGdQa62sVtQ
HTNXnHsYg9rmj8TSo0tqdqfacoFHP71Nna66o497QMm3ZDRBXMEC2P3iGXBKMB5o
[Many lines removed]
nbXBaWgJqMk71f2vU1LnNQQresCBJpzNWgjyLaTszUR6eL8JD9WxddMK/82h9QVx
uFO005u3Fa2uC+8axiMKO3sSuVsgXHQpCuSnw2jDCQoeW/C/GSswsdWVyEzHMMjD
KQTH5iQLVPWArBoE1SV/RzG8tvLqH6JxHmSG7cnrgH0=
-----END CERTIFICATE REQUEST-----
Nick Desai
Posted 2017-10-11T07:28:59.160
Reputation: 151
Hey Nick, Thank you! it worked perfectly for me. – engiketer – 2017-10-12T05:59:35.557
Here we may help you with creating keys and certificates (though if you search the web you will find a lit of how-tos). IMHO this question is product based (so I'd guess you will more success posting the question to the IBM dW forum) – None – 2017-10-11T07:40:14.563