4

I'm trying to use a multipurpose certificate on an infrastucture that contains a Domino 7 server. To accomplish this, I tried:

  1. Generate a CSR outside of Domino: I'm able to use the produced certificate everywhere but not on Domino because it requires to generate a keyring and the correspondent CSR
  2. Generate the keyring and the CSR in Domino: everithing (services) work well in Domino, but I'm not able to extract the private key to use the certificate for other purposes

For the attempt 2. I found that someone used a tool named IKEYMAN from IBM; it's been quite difficult to find a download for IKEYMAN. IKEYMAN can open a Domino keyring and export it to KDB format or in a .class; I was not able to use any of the formats IKEYMAN exports to extract the private key. Someone on Lotus forums says that he did the trick, but I'm missing something: in the keyring I was not able to find any private keys.

My question is: can I extract the private key from a Domino keyring? In the case of the need to use a tool, where exactly can I find this tool?

Andrea Colleoni
  • 141
  • 3
  • 1
    I haven't foun an answer... I ended up with the 'certificate copy' function provided by the CA supplier: different copies of the same certificate produced from different CSRs. I agree for the move to SF. – Andrea Colleoni Aug 21 '12 at 19:49

2 Answers2

2

Here is the link to IBM's public Download site.. Hope it helps

ftp://ftp.software.ibm.com/software/lotus/tools/Domino/gsk5-ikeyman.zip

If the above link doesn't work, try this: https://ftpmirror.your.org/pub/misc/ftp.software.ibm.com/software/lotus/tools/Domino/gsk5-ikeyman.zip

martinist
  • 3
  • 3
Jeff Carnahan
  • 21
  • 2
  • For me IKEYMAN does not start. When I run _runikeyman.bat_ from command prompt it just shows the path etc and returns to "C:\Program Files\IBM\GSK5>". Nothing is launched. I've tried many instructions including this one http://www-10.lotus.com/ldd/nd85forum.nsf/5/d8153f5591411ed185257d2f00765653 but the result is always the same. I've tried it on 3 PCs and one server (Win 10, 7 and 2003). Any ideas? – Panu Haaramo Mar 07 '16 at 10:27
2

IBM support helped me on this one.

  1. Download the new key ring tool and save the appropriate version to program directory of your Notes client.

  2. kyrtool show keys -k <path to keyring file>

Panu Haaramo
  • 343
  • 7
  • 20