|Professional Services||Second Signal||Presentations||Andrew's Blog||Support|
I've coded something that I plan to release to the community if there is enough interest. It's designed to make the process of getting SHA2 certificates a little easier. I've had to request a fair number of these recently and the command line stuff is tedious and it's easy to make mistakes or misplace the various files. This tool uses the same steps as the process IBM documents and the same tools. You still have to install openSSL and the kyrtool update on your 9.x Admin client machine. The tool checks to make sure all this is in place before it tries to do anything. Essentially, this is just a front end for a scripting tool.
This screen shot represents a "working prototype" -- and if there is enough interest, I'll finish cleaning it up and making it a little prettier and then letting it out there.
Workflow is like this:
1. Fill in the various CA required fields.
2. Click "Generate CSR" -- at this point, the keypair is generated and a certificate request is generated. The CSR is place in a text field labeled "CSR".
3. Copy the text in the CSR and give it to your SSL provider. Go through their validation process.
4. The SSL provider will give you back your certified "Leaf" certificate, their CA trusted root certificate, and often one or more "intermediate certificates". You paste each of these into the labeled text fields.
5. Click "Generate Keyring"
6. Domino's KYR and STH files are created. They'll be saved as file attachments to this main document. You can then deploy them.
I like the idea of using a single document for this and keeping all the parts on that document so that if you need to you can always re-generate the files. It also makes it easy to find them in the database by subject name.
Tell me what you think.
Please wait while your document is saved.