We're at that time where we need to install a new SLL certificate. The last couple of times it's been something of a nightmare, downloading KRYtool and OpenSSL. It looks like the last downloaded KRYTool was for 9.0.1.2 (according to the IBM link).
Sooo
1. Is there any updated method of installing certificates?
2. Do I need a new version of KRYTool? If so what is the current download link?
3. Is there a 'how to' whitepaper available? All the IBM documents are no longer available - in fact Google searches these days return very little about Domino unless you want to order pizza :-(
Thanks
Hello Dave,
1. Sadly for 10.0.1, there is no better method. In v12 we are going to have a lot simpler and better method.
2. You should have a KyrTool executable in your Domino Server Data directory you can use.
3. Here you go:
https://support.hcltechsw.com/csm?id=kb_article_view&sys_kb_id=fb7ba618dbf6e89ca45ad9fcd3961966&spa=1
Milan
Thank you for your prompt reply.
At the about the same time as your post I found that link from another post a bit earlier.
The last time I performed this task it was on old hardware, then moved to new hardware and updated from version 9 to 10 so I wasn't sure what would be there, but it turns out that KyrTool is.
Will have to do a new install of OpenSSL - would you recommend using the .exe or the msi installer? I just downloaded both, having an argument with Windows 10 about the files being unsafe notwithstanding.
Domino is running on Server 2019
Thanks
Hi Dave,
you can use both. It comes more to a personal preference. I used both and both were ok, on my current workstation I have installed it using the .msi file.
Just make sure you are downloading it from a trusted source.
Best regards,
Milan
Hi Dave --
As Milan mentioned, there are new tools coming with Domino 12 to help better manage certificates but until then, if you're able to use Let's Encrypt certificates, my company sells an inexpensive .nsf-based product that can automatically create and renew LE certificates for Domino. It removes the hassle of working with the KyrTool and OpenSSL and it's also fully supported on Domino 10. You can find a link to it on my profile page here: https://support.hcltechsw.com/community?id=community_user_profile&user=b28b7e701bc7ff80c48197d58d4bcb77)
Best,
Richard
Richard
Does this tool support all certificate providers (we use Sectigo - was Comodo)?
Dave
Hi Dave --
No, it currently supports only Let's Encrypt as an ACME certificate provider. I will take a look at Sectigo's ACME support though and consider adding them as a supported provider.
Richard
I figured that just after I clicked the 'reply' button.
We have used Comodo from when they first opened their doors in Bradford, and they supply us with SSL certs for all our servers, code signing certs and PCI scanning.
New certificate is installed and running.
Thank you for your help :-)
just add the argument
-pizza
to the search query. After a while, Google picks up on your dislike for Domino Pizza and it shows up less...
Just goes to show that no matter how many decades (four and counting) that you have been in tech there is always something new to learn. :-)
Thank you