Workaround for startssl and Domino [Repost]
Source: Internet. Editor: 程序博客网. Time: 2024/06/03 20:14
I don’t know if you still need it but here is my workaround to get a StartSSL free certificate in Domino.
I use OpenSSL on my Linux server to create a new certificate:
Here are the commands I used to create a key and a CSR file:
* openssl genrsa -des3 -out keyfile.key 2048
* openssl req -new -key keyfile.key -out request.csr (Answer the usual question)
------keyfile.key/request.csr
Request the certificate from StartSSL with the CSR file.
-------request.csr-->cert.crt
With your new cert file, you have to create a PKCS (.p12) key file using openssl:
* openssl pkcs12 -export -in cert.crt -inkey keyfile.key -out cert.p12
-----cert.crt+keyfile.key=cert.p12
Create a new keyring (.kyr) file using the certsrv.nsf database, with the SAME information from the Linux certificate.
Import the StartSSL Root certificate into the key ring file:
Get the "ca.pem" certificate and Merge it into your kyr file.
Get the "Sub Class 1" certificate and Merge it into your kyr file.
Now the tricky part…
To import the .p12 file into a Domino keyring, you need GSK5-iKeyMan. (This tool might not work in Windows Vista and newer OS, it’s working in 2003.)
- Extract the gsk5-ikeyman.zip file into a directory that has no spaces in the name
- Start the command line shell (cmd), change directory to the directory where you extracted gsk5.
- Execute the following command: gskregmod.bat Add
- Run IKeyman by executing: runikeyman.bat
- Open the keyfile.kyr file that we created earlier and enter the keyring password.
- Select Personal certificates and click Import
- Select the certificate file (.p12) and enter the certificate's password.
Configure your Domino server to use this keyring file and restart the http task (or restart domino).
*** Weird thing…
When I tried to import my “www.mydomain.com” PKCS key into my keyring, I got a bad p12 certificate error from gsk5. Everything went well with my 3 other “test” keyrings. To test my keyring, I imported my “test.p12” file into my “www” keyring and it worked. I then retried importing my “www.p12” into the keyring and it was now OK. I removed the “test” certificate from the keyring. I noticed that my “www.crt” was not the same size as my test.crt file… maybe something is missing in the www one!!!!
(I hope I’m clear enough ;-)
With this procedure, I can even import any of my existing certificates into a keyring.
Have a nice free SSL testing!!! :-)
Pat
Feedback number WEBB8H8UMU created by on 2012-12-13
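
Added example (not part of Pat's post or of any StartSSL or Domino tooling): a shell check, runnable before the iKeyman import step, that the key, the CSR and the issued certificate carry the same public key and that the .p12 opens and contains that certificate. File names follow the post; the function names, passwords, subject and the self-signed certificate standing in for the StartSSL-issued one are constructed.

```shell
#!/bin/sh
# Added example: file names follow the post; passwords and subject are constructed.

# SHA-256 of the public key inside a key, CSR or certificate file.
pubkey_fp() {  # $1 = key|csr|crt, $2 = file, $3 = key password (key only)
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -passin "pass:$3" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *) return 2 ;;
  esac || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when key, CSR and issued certificate hold the same public key.
check_chain() {  # $1 = key, $2 = csr, $3 = crt, $4 = key password
  k=$(pubkey_fp key "$1" "$4") || return 1
  r=$(pubkey_fp csr "$2") || return 1
  c=$(pubkey_fp crt "$3") || return 1
  [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Succeeds only when the .p12 opens with its password and contains the given cert.
check_p12() {  # $1 = p12, $2 = export password, $3 = crt
  inner=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
  [ -n "$inner" ] && [ "$inner" = "$(openssl x509 -in "$3" -noout -fingerprint -sha256 2>/dev/null)" ]
}

# Constructed input: a self-signed cert stands in for the one the CA returns.
make_demo_files() {  # $1 = existing directory to write into
  openssl genrsa -des3 -passout pass:keypass -out "$1/keyfile.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/keyfile.key" -passin pass:keypass \
    -subj "/CN=www.example.test" -out "$1/request.csr" &&
  openssl x509 -req -in "$1/request.csr" -signkey "$1/keyfile.key" \
    -passin pass:keypass -days 1 -out "$1/cert.crt" 2>/dev/null &&
  openssl pkcs12 -export -in "$1/cert.crt" -inkey "$1/keyfile.key" \
    -passin pass:keypass -passout pass:p12pass -out "$1/cert.p12"
}

d=$(mktemp -d) && make_demo_files "$d" &&
  check_chain "$d/keyfile.key" "$d/request.csr" "$d/cert.crt" keypass &&
  check_p12 "$d/cert.p12" p12pass "$d/cert.crt" &&
  echo "key, CSR, certificate and .p12 are consistent"
```

A failing check_chain means the certificate was issued for a different key or CSR than the one on disk, which is worth ruling out before looking at the import tool.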