Domino Server Certificate Installation


#1

My operating system is (include version): Windows Server 2003

My web server is (include version): IBM Domino 9.0.1

My hosting provider, if applicable, is: GoDaddy

I can log in to a root shell on my machine (yes or no, or I don’t know): yes

I’m brand new to this and trying to install a valid certificate to my IBM Domino server so I can enable https. Has anyone set this up or can anyone help me get going?


#2

Windows Server 2003 extended support ended on July 14, 2015 so I suspect it’s really time to upgrade, as I don’t think that supports all the more modern functionality, sorry.


#3

(I am not a Domino Admin, just trying to be helpful)

It will most likely be a bit tricky to arrange this. Without any help coming from Microsoft or from IBM / Lotus you will probably need to be a confident command line user at least, and probably at least somewhat comfortable writing small programs in order to leverage the automation of Let’s Encrypt from your Domino setup.

Essentially, there are two halves to the problem. One half is persuading Let’s Encrypt (or rather, the backend servers that make it work) that you genuinely control some particular Fully Qualified Domain Name from the Internet, such as myserver.example.com. Without this step, of course, they are not permitted to issue you with any certificates for that name. There has been some effort to make this process do-able without great expertise on Windows, but only for IIS. Of course if you can bring the necessary expertise (especially in terms of Domino), we can try to help explain, but I don’t want to give you false hope if that’s not a journey you’re prepared for.

The other half is getting the certificate installed in Domino, preferably in a way that doesn’t need manual work every couple of months (Let’s Encrypt certificates are intended to be replaced at least every 90 days). IBM’s documentation seems to imply that a “keyring” file should be copied over and the Domino server restarted each time, but perhaps that step can be automated too.


#4

Hi Takachsin

Have a look at these:

http://www-01.ibm.com/support/docview.wss?uid=swg21418982

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/kyrtool

Let’s Encrypt issues SHA2 certificates so that’s going to be your first hurdle. Looks like you are going to have to install a patch to utilise these.

Once you have SHA2 support, follow one of these guides:

https://www.digicert.com/ssl-certificate-installation-lotus-domino.htm

http://www-01.ibm.com/support/docview.wss?uid=swg21268695

One of the things I have noticed about Domino Server is that it has a custom key ring, which makes things a bit more fun but not un-doable.

Andrei
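
An added example, not part of the original posts or of IBM's tooling: a pre-flight check to run before a Let's Encrypt certificate goes into the Domino keyring, covering the two hurdles raised in this thread (the SHA-2 signature and the 90-day replacement cycle) and confirming that the private key matches. It assumes a POSIX shell with OpenSSL and PEM files; the function names, return codes and the throwaway self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for a PEM certificate and key before building a keyring.
# Return codes (chosen for this example): 0 ok, 1 not SHA-2 signed,
# 2 key does not match certificate, 3 inside the renewal window.
preflight() {   # preflight <cert.pem> <key.pem> <renew_days>
    cert=$1; key=$2; renew_days=$3

    # First "Signature Algorithm" line of the dump, e.g. sha256WithRSAEncryption
    sig=$(openssl x509 -in "$cert" -noout -text |
          sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    echo "signature algorithm: $sig"
    case $sig in
        *[Ss][Hh][Aa]256*|*[Ss][Hh][Aa]384*|*[Ss][Hh][Aa]512*) ;;
        *) echo "not a SHA-2 signature"; return 1 ;;
    esac

    # The private key must correspond to the public key in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate"; return 2
    fi

    echo "expires: $(openssl x509 -in "$cert" -noout -enddate | cut -d= -f2)"
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((renew_days * 86400)) >/dev/null; then
        echo "within $renew_days days of expiry: renew and rebuild the keyring"
        return 3
    fi
    echo "ok"
}

# Constructed sample: a throwaway self-signed certificate valid for 90 days.
make_sample() {   # make_sample <dir> <name>
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 90 \
        -subj "/CN=myserver.example.com" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp" demo
preflight "$tmp/demo.pem" "$tmp/demo.key" 30
```

Run from a scheduled job with a renewal window of about 30 days, a return code of 3 is the signal to fetch a new certificate and redo the keyring step.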

