SSL Configuration: Problem with .STH file

Hi,

I am trying to set up SSL on my server. I am doing as explained in the Implementing and Maintaining Domino Web Servers: http://www-10.lotus.com/ldd/lbytes.nsf/0/f668d51aaa7db800852568480071482f?OpenDocument#Task%203%3A%20Request%20a%20server%20certific .

While creating the Keyring File and the Stash file, the information I entered was wrong, so I deleted the Keyring and stash files and also deleted the CA Database so that I can start all over again. For some strange reason this time it only creates the keyring file but DOESN'T CREATE THE .STH file. I tried delete/rinse/repeat but with no success.

Can someone tell me why the .STH file is not being created?

Thanks,

–Chaitanya

Subject: SSL Configuration: Problem with .STH file

Try this:

http://www-10.lotus.com/ldd/nd6forum.nsf/55c38d716d632d9b8525689b005ba1c0/220833a9d55f7a0585256ec20069e06e?OpenDocument

HTH

ST

Subject: RE: SSL Configuration: Problem with .STH file

I am sorry to say that you completely missed the point. I DO NOT NEED A GUIDE for setting up SSL. I already have a few with me. If you read my previous message you would understand that I am stuck at the stage where it says I have to copy both the .KYR and .STH files to \NOTES\DATA directory. Obviously I can't go ahead at this stage without the .STH file.

What I need to know is why the .STH file is not being created along with the .KYR file.

Thanks,

–Chaitanya

Subject: RE: SSL Configuration: Problem with .STH file

I had the same problem as ur chat. Did you try creating the files like this:

Open up the certsrv.nsf (or create the db using the ntf file) and from the main menu click on the last option “Create Key Ring with Self-Certified Certificate”.

Enter the appropriate information (use the name of the certificate to be the same as your URL, otherwise you might have some problems).

If you did this from your client COPY the selfcert.STH and selfcert.KYR files to the notes server \Data dir.

If you created the cert using the above steps and still do not have both files then I’m not sure what's happening… try it on another client perhaps?

HTH

ST

Subject: RE: SSL Configuration: Problem with .STH file

OK. Let me make one thing clear at this point. I am using the Domino Certificate Authority (CA) nsf and not the Server Certificate Admin.

Correct me if I am mistaken but I am trying to:

  1. Create a CA - Done

  2. Create Root Certificate (key ring and stash) - This is where I get stuck: only the Kyr file is created but not the .sth.

  3. Create Server Certificate (Keyring and stash)

Now I understand that if I have Domino CA I don't ever need the Server Certificate Admin database as it is primarily used to install Certificates issued by NON-Domino CAs.

One more thing, I still went ahead with just the .kyr file, say ROOT.KYR for the ROOT certificate and when I created the Server certificate it created both the SERVER.KYR and SERVER.STH files.

After this I could enable SSL on my Server and it seems to be working fine, except it only uses HTTPS for authentication and not for end-to-end (this probably has to do something with S/MIME or whatever).

Things seem to be pretty OK, as in SSL seems to be working, but what happened to the ROOT.STH, as in why isn't it being created? The very first time I tried the process it was created and I have that copy.

So is the .STH file required or not? If it is required, how come my SSL is working without the ROOT.STH? Could it be that since I am using the same password that I used the first time around?

Thanks,

–Chaitanya