Cannot import/use sha256-hashed certificate for HTTPS

I figured out that currently there seems to be no way to import a SHA256-hashed server certificate for HTTPS into the keyfile.kyr.

(Using ikeyman5 and ikeyman8 I was able to import SHA256-hashed root certificates, but not the certificate for my server.)

Therefore I had to downgrade our new server’s certificate to being SHA1-hashed so HTTPS can be used.

What I would like to know is:

  1. When will sha256-hashed certificates be possible to use?

  2. Are there plans to support SHA-3-hashed certificates as soon as possible after the standardization of SHA3 is completed?

Subject: What about Domino for Linux x64? Is IHS included with the installation?

Subject: Two times NO, I’m afraid

No, there is no Domino 64-bit for Linux.
No, IHS with Domino is Windows only.

Subject: YES, Virginia there is a 64-bit Domino for Linux

sh stat server

Server.Version.Architecture = 64 Bit
Server.Version.NIFODS_VERSION = 882
Server.Version.Notes = Release 9.0.1FP2
Server.Version.Notes.BuildNumber = 405
Server.Version.ODS_MACHINETYPE = 3
Server.Version.OS = Linux 3.10.0-123.9.3.el7.x86_64 #1 SMP Thu Nov 6

Subject: You are proving me wrong…

…and I should have known better: We are actually running 9.0.1/64-Bit servers on two of our Linux boxes… What the heck made me write it didn’t exist? I don’t know, but I guess it was the fact that Domino 64-Bit for Linux came into existence with version 9 only. It definitely did not exist up until Domino version 8.5.x. Shame on me anyway.

My second point still holds true though: No IHS bundled with Domino for Linux.

Subject: +1

“But what I really would like to see is IBM to fix and update Domino’s TLS/SSL features instead of recommending us the usage of additional software only available for one OS.”

I totally agree, and IBM HTTP Server for Domino is also only available as a 32-bit application!!!

Subject: IBM please update Domino’s TLS/SSL features

Thank you for mentioning it. I totally forgot about it, since IBM HTTP Server is currently only available for Windows servers and we are using Linux here.

I guess it may be possible to set up a similar configuration (with reverse proxy using something like Apache or nginx) on Linux.

But what I really would like to see is IBM to fix and update Domino’s TLS/SSL features instead of recommending us the usage of additional software only available for one OS.

Subject: Alternative

Since you posted on this forum, you can use IBM HTTP Server which comes with Domino 9 and therefore use newer encryption tech for web servers.
See http://xpagetips.blogspot.cz/2013/05/setting-up-ibm-http-server-with-domino-9.html for reference.