Using an existing SSL certificate on IBM Domino

May 2nd, 2013

A customer of mine had an existing wildcard SSL certificate running on IIS. They wanted to use this wildcard SSL certificate for their IBM Domino server.

I had all the SSL certificate files available (the trusted root CA, the certificate and the private key). So I quickly found the guide from Gab Davis and did something similar: I created a key ring using the Server Certificate application on the Domino server and installed the trusted root certificate into the key ring. I then opened the key ring file in the gsk5 version of iKeyman (on Windows XP in order for it to run) but ran into the issue that I was unable to import the private key (.pfx).

The solution was to import the private key file in the Certificates program (certmgr.msc) by opening the private key file (and providing the password for the file and selecting the option to mark the key as exportable). Once imported I then exported the same private key as PKCS#12 (.pfx) and I was now able to import the private key as a personal certificate in the gsk5 version of iKeyman.

I saved the updated key file, added it to the IBM Domino server, and HTTPS was then working as expected.
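The import and re-export through the Windows certificate store described above can also be scripted. This is an added example, not part of the original post: it assumes a current Windows machine with the PKI PowerShell module (not the Windows XP setup used in the post), and both file paths are placeholders. It also removes the exportable key from the store once the new file is written.

```powershell
# Added example: both paths are placeholders (assumptions), not values from the post.
param(
    [string]$SourcePfx = 'C:\certs\wildcard-from-iis.pfx',
    [string]$TargetPfx = 'C:\certs\wildcard-for-ikeyman.pfx'
)
$ErrorActionPreference = 'Stop'

# Prompt for the password instead of hard-coding it in the script.
$password = Read-Host -AsSecureString -Prompt 'PFX password'

# Equivalent of opening the .pfx in certmgr.msc and ticking
# "Mark this key as exportable": import into the user's Personal store.
$imported = @(Import-PfxCertificate -FilePath $SourcePfx `
        -CertStoreLocation Cert:\CurrentUser\My `
        -Password $password -Exportable)

# The certificate that carries the private key is the one to re-export.
$cert = $imported | Where-Object { $_.HasPrivateKey } | Select-Object -First 1

try {
    if (-not $cert) {
        throw "No certificate with a private key was found in $SourcePfx"
    }

    # Re-export certificate and private key as a fresh PKCS#12 file.
    Export-PfxCertificate -Cert $cert -FilePath $TargetPfx -Password $password |
        Out-Null

    # Read the new file back to confirm which certificate it contains.
    $check = Get-PfxData -FilePath $TargetPfx -Password $password
    $check.EndEntityCertificates |
        Select-Object Subject, Thumbprint, NotAfter
}
finally {
    # Do not leave an exportable copy of the private key in the store.
    if ($cert) {
        Remove-Item -Path ("Cert:\CurrentUser\My\" + $cert.Thumbprint) -DeleteKey
    }
}
```

The source and target .pfx files both contain the private key, so keep them off shared locations and delete them once the key ring file is in place on the Domino server.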

7 Responses to “Using an existing SSL certificate on IBM Domino”

  1. Pontus Says:

    Thanks!

    I got it to work thanks to this!

  2. Per Henrik Lausten Says:

    Hi Pontus, great to hear!

  3. Gary Wilkinson Says:

    Great! This has allowed me to use an SSL certificate from Tomcat and import the private key into Domino.

    The only thing I had to do differently when exporting the private certificate was to tick the following (this was on Windows XP; it doesn't appear to be in Windows 7):
    Enable strong protection (requires IE5.0, NT 4.0 SP4 or above)

    Thanks again.

  4. Mats Ekman Says:

    I did some documentation and a checklist on how to do this at my company blog.
    Maybe that could help you out, here is the link:

    http://wp.me/p1CuQM-pG

    Regards
    Mats

  5. Per Henrik Lausten Says:

    Thanks, Mats!

  6. Daniel Says:

    Hi, I'm getting an error when I try to import the private key as a personal certificate in the gsk5 version of iKeyman too. I imported and exported the private key as you said, and I'm still receiving the "An error ocurred while importing keys from the PKCS12 format file" error. Can you help, please? The PFX was exported from IIS too. I have already tried many things but I cannot get this working.

    Thank you in advance.

    Daniel

  7. Per Henrik Lausten Says:

    Hi Daniel, I would suggest that you ask your question on Server Fault at http://serverfault.com/questions/tagged/lotus-domino.