Moving an IIS SSL certificate to a Domino Keyring File[转]
来源:互联网 发布:詹姆斯打球特点 知乎 编辑:程序博客网 时间:2024/05/01 15:10
Moving an IIS SSL certificate to a Domino Keyring File
Gabriella Davis February 11 2009 11:25:53 PM
Today I had a support call from a customer who had bought an SSL certificate from Verisign to cover their entire domain. Verisign had issued the certificate and it had been applied to their existing IIS servers however they now wanted to use it on their Domino web server as well. The scope of the certifier covered the Domino server (same wildcard domain) but Verisign wouldn't process another request from a Domino keyring file as they had already issued the key in response to the IIS request. They agreed to cancel the IIS certificate and issue a new one for Domino but according to their tech support"the use of the wildcard domain covers you for up to 10 servers so long as you can copy the same certificate between the servers. As Domino and IIS are incompatible you have to buy a new certificate"
Well that seemed like a gyp so I decided to prove it could be done. With the help of some related IBM technotes this is what I did to get it working.
- Created an exported pfx file from IIS
- Went to a domino server and from a prompt found the directory \domino\jvm\bin directory and ran the file "ikeyman" within it
- Created a new Key DB file by browsing to the IIS exported pfx file and importing it as PKCS
- Examined the imported certificate and noted the certificate settings such as Organisation, OU, L etc
- Closed ikeyman
- Created a new key ring file using the Secure Certificate Admin db on Domino
- Gave it the exact same settings as the original IIS certificate noted down in step 4.
- Installed the trusted root certificate into the key ring file
- Copied the .kyr and .sth files to the server where ikeyman ran and where the PKCS file generated in step 3 was located
- Downloaded gsk version of ikeyman to handle Domino key ring files from here >>download
- Extracted zip file to folder 'gsk' on server (folder can be called anything but no spaces)
- Ran "gskregmod.bat Add" from command prompt within extracted folder
- Launched the ikeyman from dos prompt in the newly extracted folder by typing "runikeyman.bat"
- Chose Key Database File - Open and selected the kyr file I copied to the server in step 9
- Go to Personal Certificates and click 'Import' then choose 'PKCS' and import the file generated in step 3
You should now have a .kyr file that contains the certificate and can be copied back to your destination Domino server along with its .sth file.
from:http://blog.turtleweb.com/turtleblog.nsf/dx/11022009232215GDAVGR.htm
- Moving an IIS SSL certificate to a Domino Keyring File[转]
- How to sign an IIS SSL certificate request using OpenSSL
- 转-Quick guide to setting up SSL using Domino as the Certificate Authority
- Generating an SSL certificate on Windows without IIS
- extract the x509 ssl certificate from a pcap file
- How to create a self-signed SSL Certificate
- How to sign a .Sis file with Self-Sign Certificate
- Creating a selfsigned SSL Certificate
- how to create an ssl certificate on nginx for ubuntu14.04
- 转自 https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-nginx-for-cent
- How to import a certificate file into a Java key store file?
- How to create a ssl certificate on apache2 for Ubuntu 12.04+
- Https SSL Knowledge & how to get a self-signed certificate on ubuntu.
- How To Create a SSL Certificate on Apache for Ubuntu 14.04
- git SSL certificate problem: unable to get local issuer certificate
- SSL certificate problem: unable to get local issuer certificate
- SSL certificate problem: unable to get local issuer certificate
- SSL certificate problem: unable to get local issuer certificate 解决方法
- Android实时滤镜
- 移动信息化在路上:机遇与挑战
- FP-Tree算法的实现
- 常见的敏捷开发流程比较
- @suppressWarnings
- Moving an IIS SSL certificate to a Domino Keyring File[转]
- SharePoint Server 2010的移动设备配置方案
- 反射机制动态代理
- java语言打印等腰三角形-作者:逝秋
- 遍历文件目录的python 代码
- ARCGIS viewer入门(11)自定义InfoSymbol
- 协同过滤推荐算法
- 应用程序用户启动时崩溃
- 腾讯网无障碍说明