Don't try to extract the private key from the Domino.kyr file

Update – the method does work – see this post. Not sure why the technote says it doesn’t

I have been making some good progress with addressing the SSL issues by using an Apache Server in front of Domino and running on the same box – from a HTTP / HTTPS point f view it is actually pretty straight forward. One rub though is that I wanted to re-use my existing SSL certs

I think I could have done this using Windows XP ( no joke ) and IKeyman to extract the private key from the Keyring as per this technical article from IBM

How to export the private key from a Domino keyfile by using IKEYMAN

Unfortunately this method does not work and has not worked since 6.5 by the looks of it.

Under today’s theme of irony the technote contains a link to the SPR saying that the method in the technote does not work

You really couldn’t make this stuff up

6 Replies to “Don't try to extract the private key from the Domino.kyr file”

  1. I dunno… I have an XP VM with ikeyman and we use this (or have used this) to export/convert the keyring file and use it with Citrix and IIS.

    Actually, it’s called my “IBM VM” and is all blue themed. I have it for Lotus 1-2-3 and ikeyman so I can process exported Notes views (since IBM has had the foresight to only allow Notes to export to 1-2-3 format if you want a spreadsheet export).

  2. @Sean I just exported the keys from a Domino keyring and used openssl commands to convert the cert to a format that Apache likes. When I have time later tonight I will put it down in writing and send it off to you.

  3. I now have a Domino server running through Apache using the original Domino SSL certs. It has been a bit of a learning curve but it is actually not too bad in hind sight.

    I will Blog about it soon

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 3 =