Andrew Pollack's Blog

Technology, Family, Entertainment, Politics, and Random Noise

First look at a new free Domino SSL certificate tool

By Andrew Pollack on 12/01/2014 at 05:19 PM EST

I've coded something that I plan to release to the community if there is enough interest. It's designed to make the process of getting SHA2 certificates a little easier. I've had to request a fair number of these recently and the command line stuff is tedious and it's easy to make mistakes or misplace the various files. This tool uses the same steps as the process IBM documents and the same tools. You still have to install OpenSSL and the kyrtool update on your 9.x Admin client machine. The tool checks to make sure all this is in place before it tries to do anything. Essentially, this is just a front end for a scripting tool.

This screen shot represents a "working prototype" -- and if there is enough interest, I'll finish cleaning it up, make it a little prettier, and then let it out there.

Workflow is like this:

1. Fill in the various CA required fields.

2. Click "Generate CSR" -- at this point, the keypair is generated and a certificate request is generated. The CSR is placed in a text field labeled "CSR".

3. Copy the text in the CSR and give it to your SSL provider. Go through their validation process.

4. The SSL provider will give you back your certified "Leaf" certificate, their CA trusted root certificate, and often one or more "intermediate certificates". You paste each of these into the labeled text fields.

5. Click "Generate Keyring"

6. Domino's KYR and STH files are created. They'll be saved as file attachments to this main document. You can then deploy them.
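For readers who want to see what a front end like this has to script, here is an added example (not code from the tool or from IBM's documentation) of the OpenSSL commands behind steps 2 through 5, including a check that the leaf certificate returned by the CA matches the generated key before the input file for the keyring step is written. The file names, subject string and the key, leaf, intermediates, root order are assumptions.

```bash
#!/usr/bin/env bash
# Added example: the OpenSSL half of the workflow above. File names, the
# subject and the bundle order (key, leaf, intermediates, root) are assumptions.

# Step 2: 2048-bit RSA key pair plus a CSR signed with SHA-256 (SHA-2).
make_csr() {  # usage: make_csr <subject> <key-out> <csr-out>
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$2" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$2" -subj "$1" -out "$3"
}

# Signature algorithm named in the CSR, e.g. sha256WithRSAEncryption.
csr_sigalg() {  # usage: csr_sigalg <csr>
    openssl req -in "$1" -noout -text |
        awk '/Signature Algorithm:/ { print $3; exit }'
}

# SHA-256 of the public key inside a key, CSR or certificate, so the three
# artifacts can be compared. Fails if the file cannot be parsed.
pubkey_fp() {  # usage: pubkey_fp <key|csr|cert> <file>
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{ print $NF }'
}

# Steps 4-5: write the single PEM file for the keyring step, but only if
# the leaf returned by the CA really belongs to the generated key.
build_bundle() {  # usage: build_bundle <out> <key> <leaf> [intermediates...] <root>
    bundle=$1; key=$2; leaf=$3; shift 3
    kfp=$(pubkey_fp key "$key") && lfp=$(pubkey_fp cert "$leaf") || return 1
    if [ "$kfp" != "$lfp" ]; then
        echo "leaf certificate does not match the private key" >&2
        return 1
    fi
    ( umask 077; cat "$key" "$leaf" "$@" > "$bundle" )
}
```

The bundle contains the private key, so it deserves the same handling as the finished KYR and STH files.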

I like the idea of using a single document for this and keeping all the parts on that document so that if you need to you can always re-generate the files. It also makes it easy to find them in the database by subject name.

Tell me what you think.




re: First look at a new free Domino SSL certificate tool By Ursus Schneider on 12/02/2014 at 02:42 AM EST
Sounds very interesting - hate doing the stuff via the command line. Well done
:o) I, for one, would be interested in the tool. Thank you for all your hard
work!
re: First look at a new free Domino SSL certificate tool By Marcus on 12/02/2014 at 03:29 AM EST
as you said .. I used command line and had some typo. Your tool will decrease
my wasted time with kyrtool and openssl. Thanks
re: First look at a new free Domino SSL certificate tool By David on 12/02/2014 at 03:58 AM EST
This sounds like a superb tool, well done. One small request though... as I
manage a number of SSL certificates, all from the same provider, it would be
useful to be able to save the root and intermediate certificates for future
re-use, so I can just apply them all with 'one hit'
re: First look at a new free Domino SSL certificate tool By Jens on 12/02/2014 at 04:50 AM EST
Cool idea. I would also like this tool :-). So please make it public.
re: First look at a new free Domino SSL certificate tool By Lars on 12/02/2014 at 05:46 AM EST
Great idea. I could definitely use a tool like this to take the "hassle" with
different text files and order of certificates out of the process. Please make
it public. :-)

By the way. Would it be possible for this tool to provide an interface for
working with a certificate not issued to a Domino?... Something that we often
meet with wildcard certificates that are issued to IIS or Apache servers and
then have to be "ported" to a kyr file.
re: First look at a new free Domino SSL certificate tool By Lee on 12/02/2014 at 06:07 AM EST
Great stuff! Exactly what I was looking for.
re: First look at a new free Domino SSL certificate tool By Thorsten on 12/02/2014 at 07:06 AM EST
Such a tool would be great!!
re: First look at a new free Domino SSL certificate tool By Bill Kron on 12/02/2014 at 10:12 AM EST
Yes, please! :-)
re: First look at a new free Domino SSL certificate tool By Richard Fenwick on 12/02/2014 at 10:56 AM EST
I think this is a good idea... something IBM should have released with hotfix
for 9.0.1 FP2
re: First look at a new free Domino SSL certificate tool By Andrew Pollack on 12/02/2014 at 11:08 AM EST
I think it's something that it would be nice for IBM to release in a future
fixpack or in 9.0.2 -- but I think it was smart to roll out what they could the
minute they could in this case.
re: First look at a new free Domino SSL certificate tool By Ray Bilyk on 12/02/2014 at 01:23 PM EST
Nice job! I'd be very interested...
re: First look at a new free Domino SSL certificate tool By Oliver Busse on 12/02/2014 at 01:26 PM EST
Would love to see this as an OpenNTF project!
Thanks for sharing & drop me a note if you have any questions on how to add it
on OpenNTF :)
re: First look at a new free Domino SSL certificate tool By Andreas on 12/03/2014 at 02:11 AM EST
Excellent idea and thank you for the effort taken. Since I am a wrongtyper, I
really would like this tool.
re: First look at a new free Domino SSL certificate tool By Hubertus on 12/03/2014 at 03:30 PM EST
Yes, this will be very helpful. I hate command line tools too. Please go ahead
;-)
re: First look at a new free Domino SSL certificate tool By Martin on 12/04/2014 at 11:20 AM EST
This add-on tool would be welcome. It's not only convenient, but it adds quality
in terms of transparency and a basic protocol feature.
re: First look at a new free Domino SSL certificate tool By Carsten on 12/06/2014 at 10:02 AM EST
It would ease the life. I am very interested in it!

