«
»

Using an existing SSL certificate on IBM Domino

May 2nd, 2013

A customer of mine had an existing wild card SSL certificate running on IIS. They wanted to use this wild card SSL certificate for their IBM Domino server.

I had all the SSL certificate files available (the trusted root CA, the certificate and the private key). So I quickly found the guide from Gab Davis and did something similar: I created a key ring using the Server Certificate application on the Domino server and installed the trusted root certificate into the key ring. I then opened the key ring file in the gsk5 version of iKeyman (on Windows XP in order for it to run) but ran into the issue that I was unable to import the private key (.pfx).

The solution was to import the private key file in the Certificates program (certmgr.msc) by opening the private key file (and providing the password for the file and selecting the option to mark the key as exportable). Once imported I then exported the same private key as PKCS#12 (.pfx) and I was now able to import the private key as a personal certificate in the gsk5 version of iKeyman.

I saved the updated key file, added it to the IBM Domino server, and HTTPS was then working as expected.

Related posts (automatically generated):

Tags: ,

This entry was posted on Thursday, May 2nd, 2013 at 22:21. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

7 Responses to “Using an existing SSL certificate on IBM Domino”

  1. Pontus Says:
    September 4th, 2013 at 15:18

    Thanks!

    I got it to work thanks to this!

  2. Per Henrik Lausten Says:
    September 4th, 2013 at 19:56

    Hi Pontus, great to hear!

  3. Gary Wilkinson Says:
    December 6th, 2013 at 22:57

    Great! this has allowed me to use a SSL certificate from Tomcat and import the private key into Domino.

    The only different I had to do was when exporting the private certificate was to tick the following (this was on Windows XP, doesn't appear to be in Windows 7)
    Enable strong protection (requires IE5.0, NT 4.0 SP4 or above)

    Thanks again.

  4. Mats Ekman Says:
    January 16th, 2014 at 18:17

    I did some documentation and a checklist on how to do this at my company blog.
    Maybe that could help you out, here is the link:

    http://wp.me/p1CuQM-pG

    Regards
    Mats

  5. Per Henrik Lausten Says:
    January 16th, 2014 at 21:40

    Thanks, Mats!

  6. Daniel Says:
    February 26th, 2015 at 21:29

    Hi, I'm getting error when I try to import the private key as a personal certificate in the gsk5 version of iKeyman too, but I import and export the private key as you said and I'm still receiving "An error ocurred while importing keys from the PKCS12 format file" error. Can you help, please? The PFX was exported from the IIS too. I already tried many things but I cannot get this working.

    Thank you in advance.

    Daniel

  7. Per Henrik Lausten Says:
    February 26th, 2015 at 21:51

    Hi Daniel, I will suggest that you ask your question on Server Fault at http://serverfault.com/questions/tagged/lotus-domino.