I want to configure IAM service with ProtonMicroCA. I created functional users and created client certs/keys. I can use key/cert with secure proton to server, but I have issues configuring IAM with these certificates.
IAM service setup script accepts IAM server SSL certs but not IAM proton client certs.
I have seen this in another customer case. The issue is in IAM server trying to detect the type of key.
The main problem is that the certmgr is annotating the key as
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
instead of
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
I believe you can change the header and footer to put RSA in there and it should work.
I have a bug for this that I've filed.
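The two PEM headers discussed above name different key encodings (PKCS#8 and PKCS#1). The following is an added example, not part of the original posts and not code from IAM or certmgr: it reports the format the PEM label claims and the format the DER body actually has, so a key whose header was edited by hand can be told apart from one that was converted. The function names and the two DER skeletons are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
LABELS = {  # what each PEM label claims about the body
    "RSA PRIVATE KEY": "PKCS#1",
    "PRIVATE KEY": "PKCS#8",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 encrypted",
}

def _tlv(buf, pos):
    """Read one DER tag/length at pos; return (tag, content_start, content_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length: low 7 bits give the byte count
        n = first & 0x7F
        return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos, pos + first

def body_format(der):
    """Classify a key by its DER structure, ignoring the PEM label."""
    tag, start, _ = _tlv(der, 0)
    if tag != 0x30:  # every supported format is an outer SEQUENCE
        return "unknown"
    tag, _, end = _tlv(der, start)
    if tag == 0x30:  # EncryptedPrivateKeyInfo opens with an AlgorithmIdentifier
        return "PKCS#8 encrypted"
    if tag != 0x02:  # both unencrypted formats open with INTEGER version
        return "unknown"
    tag, _, _ = _tlv(der, end)
    # PKCS#1 continues with INTEGER modulus, PKCS#8 with an AlgorithmIdentifier
    return {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(tag, "unknown")

def inspect_key(pem_text):
    """Return (format the label claims, format the body has, whether they agree)."""
    m = PEM_RE.search(pem_text)
    if not m or m.group(1) not in LABELS:
        raise ValueError("no supported private key block found")
    claimed = LABELS[m.group(1)]
    actual = body_format(base64.b64decode("".join(m.group(2).split())))
    return claimed, actual, claimed == actual

def make_pem(label, der):
    """Wrap DER bytes in a PEM block with the given label."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed DER skeletons (structure only, not usable keys)
PKCS8_DER = bytes.fromhex("3016020100300d06092a864886f70d010101050004023000")
PKCS1_DER = bytes.fromhex("3006020100020105")
```

Legacy encrypted PKCS#1 blocks (those carrying a `Proc-Type: 4,ENCRYPTED` header line inside the PEM block) are outside what this check handles.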
Yes, in the meantime I figured out that encrypting the key worked. So I encrypted it.
But I encountered another issue. Setting Resource provider does not work because AdminService does not want to connect to the IAM server, because of a certificate that has an unsupported purpose.
Probably web server purpose is missing from issued certificate.
Does ProtonMicroCA have options to set purposes on certificates?
The certificate for IAM to use to connect to Domino is a client certificate and should only be used in the proton connection.
IAM has a place for a web certificate, and this will be the user-facing cert. So you can use Let's Encrypt, or some other CA process for that.
You can manage a private CA in the certmgr in Domino as well.