05-07-2015

How to create a Domino keyring for SHA2+ certificates

Tags: keyring kyrtool x509 ssl certificate openssl domino sha2
When creating the CSR directly through the SSL Vendor's website you need to combine the key and certificate into the Domino keyring file, and when the private key is not in RSA format it needs to be converted.

This post is based on my experience with a certificate created through TransIP's website.

After creating the request I received a .zip file which contained the following:

Cabundle.crt
Certificate.crt
Certificate.key
Certificate.p7b

To create a new Domino keyring using kyrtool use the following command:

kyrtool create -k c:\cert\keyfile.kyr -p password

Unfortunately the Certificate.key file provided by TransIP is not in RSA format, and kyrtool does not support the format it is in.
In this case the format was easily determined by looking at the first line of the file: instead of starting with -----BEGIN RSA PRIVATE KEY----- the file started with -----BEGIN ENCRYPTED PRIVATE KEY-----
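
The first-line check described above can be scripted. The following is an added example, not part of the original post, and it goes beyond the two headers mentioned there: the other PEM labels and the Proc-Type check are general PEM conventions, and the function names and sample blocks are constructed for illustration.

```python
import base64
import re

# PEM label -> (description, has the "BEGIN RSA PRIVATE KEY" header the post looks for)
KEY_LABELS = {
    "RSA PRIVATE KEY": ("PKCS#1 RSA private key", True),
    "PRIVATE KEY": ("PKCS#8 private key, unencrypted", False),
    "ENCRYPTED PRIVATE KEY": ("PKCS#8 private key, passphrase-encrypted", False),
    "EC PRIVATE KEY": ("SEC1 EC private key", False),
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def classify_key(pem_text):
    """Return (label, description, rsa_header) for the first PEM block in pem_text."""
    text = pem_text.lstrip("\ufeff \t\r\n")  # tolerate a BOM or leading blank lines
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no complete PEM block (BEGIN/END missing or mismatched)")
    label, lines = match.group(1), match.group(2).splitlines()
    if label not in KEY_LABELS:
        raise ValueError("not a private key block: " + label)
    description, rsa_header = KEY_LABELS[label]
    # Legacy OpenSSL encryption keeps the RSA label but adds Proc-Type/DEK-Info
    # headers, so the first line alone does not show that the key is encrypted.
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
        description += ", passphrase-encrypted (legacy PEM headers)"
        lines = lines[lines.index("") + 1:] if "" in lines else []
    # The payload must be valid base64; b64decode raises ValueError if it is not.
    base64.b64decode("".join(l.strip() for l in lines), validate=True)
    return label, description, rsa_header


def sample_pem(label, headers=""):
    """Build a constructed PEM block; the payload is placeholder bytes, not a key."""
    body = base64.b64encode(b"constructed placeholder bytes, not a real key").decode()
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, body, label)


if __name__ == "__main__":
    legacy = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC," + "0" * 32 + "\n\n"
    for pem in (sample_pem("ENCRYPTED PRIVATE KEY"), sample_pem("RSA PRIVATE KEY"),
                sample_pem("RSA PRIVATE KEY", legacy)):
        label, description, rsa_header = classify_key(pem)
        print("%-22s %-5s %s" % (label, rsa_header, description))
```

To check a real file, pass its contents to classify_key, for example the text read from Certificate.key.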