Problem
You want to apply the SSL certificate to your IIS servers and to your Domino web server as well.
Resolution
- Create an export pfx file from IIS
- Go to a domino server and from a prompt, find the directory : \domino\jvm\bin directory. Run the file "ikeyman" within it
- Create a new Key DB file by browsing to the IIS exported pfx file and importing it as PKCS
- Examine the imported certificated and note the certificate settings such as Organisation, OU, L…
- Close ikeyman
- Create a new key ring file using the Secure Certificate Admin db on Domino
- Give it the same settings as the original IIS certificate noted down in step 4.
- Install the trusted root certificate into the key ring file.
- Copy the .kyr and .sth files to the server where ikeyman runs and where the PKCS file generated in step 3 was located.
- Download the gsk version of ikeyman to handle Domino key ring files from here : ftp://ftp.software.ibm.com/software/lotus/tools/Domino/gsk5-ikeyman.zip
- Extracted zip file to folder ‘gsk’ on server (folder can be called anything but no spaces)
- Run ‘gskregmod.bat Add’ from command prompt within extracted folder
- Launched the ikeyman from dos prompt in the newly extracted folder by typing ‘”runikeyman.bat”
- Choose Key Database File – Open and select the kyr file that was copied to the server in step 9.
- Go to Personal Certificates and click ‘Import’ then choose ‘PKCS’ and import the file generated in step 3.