Kyrtool crashes Notes Client

HCL Domino Domino Forum
1

Hi there,

I have Notes 9.0.1FP3 installed (Client+Designer+Administrator) on my computer.

I am trying to create an SSL certificate for my server, following the steps from: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool

It all goes well until the last step. See what I get below:

c:\Lotus\Notes>kyrtool =c:\lotus\notes\notes.ini show certs -k c:\lotus\notes\data\xxx_080515.kyr

Using keyring path ‘c:\lotus\notes\data\xxx_080515.kyr’

Certificate #0

Subject: CN=mail.xxx.com/O=XXX/ST=XXX/C=XX
Issuer: CN=mail.xxx.com/O=XXX/ST=XXX/C=XX
Not Before: 08/05/2015 11:04:53
Not After: 05/05/2025 11:04:53
Key length: 4096 bits

[0FB0:0002-2434] Thread=[0FB0:0002-2434]
[0FB0:0002-2434] Stack base=0x001ADF40, Stack size = 9480 bytes
[0FB0:0002-2434] PANIC: LookupHandle: handle out of range

c:\Lotus\Notes>

Can anybody please help?

The kyrtool is version 1.1

I have tried it on a colleague’s client (Notes 9.0.1 Fix pack 2) and got the same result.

My Domino server has a RHEL Linux OS and I generated the key, csr and pem files there.

My computer’s OS is Windows 7 Professional 64 bit SP1 and my colleague’s OS is Windows 8.1

I also tried the same thing on a Lotus 8.5.3 client and this time it displayed the certificate (until the “-----END CERTIFICATE-----” line)… but then afterwards the client crashed…

2

Subject: kyrtool crashes Notes Client

Hi there,

I have Notes 9.0.1FP3 installed (Client+Designer+Administrator) on my computer.

I am trying to create an SSL certificate for my server, following the steps from: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool

It all goes well until the last step. See what I get below:

c:\Lotus\Notes>kyrtool =c:\lotus\notes\notes.ini show certs -k c:\lotus\notes\data\xxx_080515.kyr

Using keyring path ‘c:\lotus\notes\data\xxx_080515.kyr’

Certificate #0

Subject: CN=mail.xxx.com/O=XXX/ST=XXX/C=XX
Issuer: CN=mail.xxx.com/O=XXX/ST=XXX/C=XX
Not Before: 08/05/2015 11:04:53
Not After: 05/05/2025 11:04:53
Key length: 4096 bits

[0FB0:0002-2434] Thread=[0FB0:0002-2434]
[0FB0:0002-2434] Stack base=0x001ADF40, Stack size = 9480 bytes
[0FB0:0002-2434] PANIC: LookupHandle: handle out of range

c:\Lotus\Notes>

Can anybody please help?

The kyrtool is version 1.1

I have tried it on a colleague’s client (Notes 9.0.1 Fix pack 2) and got the same result.

My Domino server has a RHEL Linux OS and I generated the key, csr and pem files there.

My computer’s OS is Windows 7 Professional 64 bit SP1 and my colleague’s OS is Windows 8.1

I also tried the same thing on a Lotus 8.5.3 client and this time it displayed the certificate (until the “-----END CERTIFICATE-----” line)… but then afterwards the client crashed…

3

Subject: Update

Dear David,

  1. I am creating a new certificate.

  2. I followed the steps from here: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool i.e. key, csr and pem created on Linux. kyr, txt and sth created on Windows client.

  3. No, I have Notes 9.0.1 FP3 with no interim fix. I will download the latest I.F., update my client and try again.

  4. No, I have not opened a PMR. However, if I do not find a solution here, I will do so.

Update:

I downloaded existing kyr and sth files from two production servers (I created these files on the 6th March and on the 7th April 2015) and ran the command “C:\Lotus\Notes>kyrtool =c:\lotus\notes\notes.ini show certs” on them. It was unsuccessful and caused my client to crash. (When I created them back then, my client did not crash)

I also uploaded the new certificates that were causing my client to crash on a test server and checked it on the following websites:
https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp
SSL Checker https://www.sslshopper.com/ssl-checker.html#hostname=https://202.123.30.62/servlet/traveler
SSL Certificate Checker - Diagnostic Tool | DigiCert.com https://www.digicert.com/help/
As you can see from the screen shots, it appears OK (apart from the domain mismatch, which is OK since it is a test server)

Dear Dave, I will try to install the latest fix and if it still does not work, I’ll send you the pem file. Btw, how can I do this?

Thank you both for your help and advice.

4

Subject: You can post it here, or open a PMR and say that I asked for it to be escalated to development. <>

5

Subject: Issue resolved

Dear Dave and David,

I downloaded and installed Notes 9.0.1 Fix Pack 3 Interim Fix 4 and tried the kyrtool again.

It did not cause any crash.

Thanks a lot :slight_smile:

6

Subject: Some questions

  1. Is this crash related to a specific set of key, csr, and pem files created on RHEL Linux OS? Or can you reproduce the problem when you create new files on RHEL?
  2. Does the crash occur with files created in a Windows environment?
  3. Is the problem the same with the latest available version http://www-01.ibm.com/support/docview.wss?uid=swg21657963 of the Admin client?
  4. Have you opened a PMR about this issue? A complete set of client debug, including an NSD, and related files to identify a reproducible scenario may be necessary.
7

Subject: If you could share the PEM file containing those certs (and not the private keys), I’ll take a look at it <>