Converting from OpenSSL to Domino KeyFile

For a proof of concept, I was working on, I had to convert a PrivateKey/SSL Certificate to an IBM Domino Keyfile Format.

Using OpenSSL, my teammate generated a Certificate Request for an SSL Certificate. Once he had the real certificate, I downloaded the private key and the certificate files from the Certificate request, so I could get them in the right format.

I named the private key Wild.key and the received certificate WildCert.cert. From there, I did the following to get it into the PKCS12 format:
openssl pkcs12 -export -inkey Wild.key -in WildCert.cert -name c2wildcard -out wild.p12

When prompted, enter a password, such as passw0rd.

Download the latest IBM iKeyMan, it’s in the IBM Http Server Package. Make sure this is the one from the most recent IBM Http Server

Now that it was in the PKCS12 format, I launched iKeyMan

Open a new Terminal Window
Type locate ikeyman
Launch ikeyman

Then I created a new Key Database file (wild.kdb)
I imported the wild.p12 database.

I saved the KeyDatabase with Stash File and password
Click File > Exit

Now, here is the trick to convert it to the Domino KYR format.
Startup your OLD Windows XP VM
Download ftp://ftp.software.ibm.com/software/lotus/tools/Domino/gsk5-ikeyman.zip
Extract the zip to c:\
Run register command (as specified in the bat file)
Launch ikeyman in the bin directory for gsk5

Click File > Open
Enter the password designated above
Click File > Save As
Select KYR format

*Copy the KYR file to your Domino Server and the Stash File you just generated for the kdb.

Then follow http://www-01.ibm.com/support/docview.wss?uid=swg21114148

Steps to configure SSL on the server:
1. Verify that the key ring files created previously are in the Data directory of the Domino server.
2. Open the Server document for this server. Go to the Ports -> Internet Ports tab.
3. If necessary, change the entry in the SSL key file name field to reflect the name of the server key ring file.
4. Make sure that SSL port status is set to enabled. Optionally, to force SSL to be used for all connections, change “TCP/IP Port Status” to “Redirect to SSL.”
5. Save and close the Server document.
6. Restart the HTTP task at the server console.

Preconfigured Development Environment – How to provision instance IBM Collaboration Quickstart for Social Business 3.0

(Repost from ibmdw.net/social)

How many times have you setup IBM Connections, IBM Sametime and IBM Domino to replicate a complete customer environment?  100 times, 10 times, 1 time?

How many times have you done it to develop code? 100 times? 10 times? 1 time?

Well, the IBM Social Business Toolkit and Application Development team has saved you time and energy, and you focus on development. 

The IBM Collaboration Quickstart for Social Business is a pre-configured development, test and demonstration environment which includes IBM Connections, IBM Sametime, IBM Domino, IBM Connections Mail, IBM Domino Social Edition and IBM Social Business Toolkit.  The software is configured to work together using single sign and integrated feature sets with the developer optimizations turned on.  These software are also setup to work with 85 pre-configured users and service specific users.  More details are at the AppDev Wiki. An instance can be provisioned in just about one hour.

The newest Quickstart 3.0 contains:

  • IBM Connections 4.5 CR1
  • IBM Sametime 8.5.2 IF1
  • IBM Domino 9.0 and Social Edition
  • IBM Social Business Toolkit 2013 07 10
  • IBM Connections Mail 1.3

The Quickstart is available for use on the IBM SmartCloud Enterprise. The image is  “IBM Collaboration QuickStart for Social Business v3.0 64b”.  There is also an ongoing trial available. Details on provisioning the instance to your SmartCloud account is available at http://www.slideshare.net/paulbastide/quickstart-provision30