Exporting .kyr certificate for Apache[转]
来源:互联网 发布:软件的功能界面 编辑:程序博客网 时间:2024/04/28 18:06
We access our iNotes webmail through a reverse proxy. This reverse proxy is an Apache webserver. To add to this security, all http traffic is redirected to https for obvious reasons. This means that there has to be an SSL certificate on the reverse proxy for that website. But Lotus Domino stores its certificates in keyring files (.kyr extension), which cannot be read by Apache. I had to export the keyring file to a certificate file (.cert) and key file (.key) for Apache.
After searching around a bit, I quickly realised that this wouldn’t be as easy as I initially hoped. There is no built-in feature in Domino to export keyring files to any other format. Even opening the file turned out to be quite a challenge.
After some more searching, I came across a handy little tool from IBM called “iKeyman” (link). This tool is part of IBM HTTP Server and WebSphere. With it, you can open and export keyring files created by Domino. If you don’t have IBM HTTP Server or WebSphere, you can download this utility here.
If you start the tool, you can open the keyring file (you will have to know the password), and then select “Export/import” on the right side.
After that, I stumbled upon the next problem: you can only export to PKCS12 or CMS. These aren’t usable for Apache either, but it’s a start. I exported the file to the PKCS12 format, wich gave me a .p12-file. This file, I could then export to the format I needed with OpenSSL (link). OpenSSL is available for Windows and Linux. I used the following commands on a Linux machine:
openssl pkcs12 -in host.domain.p12 -clcerts -nokeys -out host.domain.cert
openssl pkcs12 -in host.domain.p12 -nocerts -nodes -out host.domain.key
After searching around a bit, I quickly realised that this wouldn’t be as easy as I initially hoped. There is no built-in feature in Domino to export keyring files to any other format. Even opening the file turned out to be quite a challenge.
After some more searching, I came across a handy little tool from IBM called “iKeyman” (link). This tool is part of IBM HTTP Server and WebSphere. With it, you can open and export keyring files created by Domino. If you don’t have IBM HTTP Server or WebSphere, you can download this utility here.
If you start the tool, you can open the keyring file (you will have to know the password), and then select “Export/import” on the right side.
After that, I stumbled upon the next problem: you can only export to PKCS12 or CMS. These aren’t usable for Apache either, but it’s a start. I exported the file to the PKCS12 format, wich gave me a .p12-file. This file, I could then export to the format I needed with OpenSSL (link). OpenSSL is available for Windows and Linux. I used the following commands on a Linux machine:
openssl pkcs12 -in host.domain.p12 -clcerts -nokeys -out host.domain.cert
openssl pkcs12 -in host.domain.p12 -nocerts -nodes -out host.domain.key
This finally gave me the right files I could load in the Apache configuration.
FROM:http://labs.groupwave.be/index.php/2009/08/31/exporting-kyr-certificate-for-apache/
- Exporting .kyr certificate for Apache[转]
- skill program for exporting GDS
- Exporting Your App for Testing
- Exporting a certificate in PKCS12 format from chrome or IE
- How To Create a SSL Certificate on Apache for Ubuntu 14.04
- Error validating server certificate for
- A utility for importing/exporting between hbase and csv file
- Exporting Your App for Testing (iOS, tvOS, watchOS)
- 【转】EXP-00091: Exporting questionable statistics.解决方法
- EXP-00091: Exporting questionable statistics.问题解决!(转)
- xcode 6 exporting ipa 提示 Your account already has a valid iOS distribution certificate 的另一种解决方法
- iOS开发之-xcode 6 exporting ipa 提示 Your account already has a valid iOS distribution certificate 的另一种解决
- Server certificate verification failed: certificate has expired, certificate issued for a different
- solution for git clone SSL certificate problem
- certificate
- certificate
- Exporting Attachments
- ABAP Trial Version for Newbies: Part 8 ' Exporting development objects from SP8 '
- 《Windows核心编程系列》八谈谈用内核对象进行线程同步
- extjs中model的HasMany和belongTo读取xml数据的用法
- sql trace & event 10046,10053使用方法
- Loadrunner调用的DLL中的函数有类的实例时解决方法
- C/C++中const、mutable、volatile详解
- Exporting .kyr certificate for Apache[转]
- OpenCV参考手册之Mat类详解
- cmd窗口一闪而过
- Apache sdo学习笔记(四)——通过动态类型创建DataObject
- PHP CodeBase: 将时间显示为“刚刚”“n分钟/小时前”等
- 50个Web设计师超便利的工具
- 验证码生成
- linux 使用 c.vim
- Android实时滤镜