I have created a key ring file from my admin client. The keyfile.kyr file was stored in my local c:\lotus\notes\data folder. Instructions tell me to copy the .kyr and .sth files to my Domino directory’s data folder. The path for this folder on my Domino directory is different from my client. (d:\notes\data ) and therefore the SSL startup does not see the key ring files. Is there a way to change the path for the key ring file? If not, can/how do I delete and recreate the key ring file and handle the two different paths?
Any ideas?
Subject: HI
I think you are mistaken or I misunderstood something. You are using the keyring and you copied to the server. Did you modify something else?
You would need to edit the server tasks to enable SSL and also modify the location of the keyring, in the document Ports - Internet Ports.
Can you post the output of this: tell http show security ?
Subject: output of command
The error message that I am getting on server start up is:07/20/2009 09:30:26 PM HTTP Server: SSL Error: No local certificate, key ring file [keyfile.kyr], [Default Server]
07/20/2009 09:30:26 PM HTTP Server: Using Web Configuration View
Here is what I get when I enter the command:
tell http show security
07/21/2009 04:32:58 PM Base server:
07/21/2009 04:32:58 PM SSL enabled
07/21/2009 04:32:58 PM Key file name: d:\Notes\Data\keyfile.kyr
07/21/2009 04:32:58 PM Secure server not started Waiting for HTTPS request
Subject: Re: Can I change the path of my keyfile…
I believe the path you use when creating the file in the Admin client only refers to where it stores the resulting keyring & stash files (both are linked & need to be managed as a pair).
Nothing about the creation process ties the keyring/stash file to the path you give…the server’s configuration documents point to the keyring (in various places, for the different services using SSL).
You simply copy the file pair to the server…then point to the keyring files in the necessary configuration documents. The default is “keyring.kyr” in the Notes data directory.
Subject: Hi again
Unless you have several Web Site Documents, I think something went wrong in the creation process and the CA didn’t get imported.
SSL is enabled correctly and is pointing to the correct file.
Things you can do is check the names are correct (Caps are important, make sure is all lowercase, or whatever it’s in the document), security of the files (make sure everyone has access to it) and if all of that fails, I would re-create the keyring.
In the same database where you created the keyring, there should be a place where you can check this keyring and create a new one.
I just want to confirm something, keyring.kyr is usually the name of the certificates where you create a certificate request and sign it with the CA, have you done this?
If the only thing you want to do is have SSL and don’t have a CA, then you need to create a self-signed (Same database).
Subject: Problem solved!
Looks like there was a problem in the Admin process. I went into the database to look at the Certificate request view and found it still there. I approved it, then picked up the certificate. Everything else fell into place.
Thank you for your input!