Creating a sha2+ keyring with Domino CA signed certificate
Ever wondered how to use the new keyring tool with your Domino based Internet Certificate Authority?
This should work
First we create a new keyring using the 'new' kyrtool
kyrtool create -k c:\ibm\keyring.kyr -p mypassword
Then we create a private key and csr using openssl
openssl genrsa -out server.key 4096
openssl req -new -sha256 -key server.key -out server.csr
Open the certificate request database of your Domino based internet CA in your browser and select 'Request server certificate' and paste the contents of server.csr and click submit to request the certificate.
Once the certificate has been signed, pick it up in the browser using the pickup id (you should have received this ID by email)
Select RAW format and copy paste into a file, in this example server.cer
Next we combine the private key, the signed certificate and CA certificate into a single file.
copy server.key+server.cer+cacert.cer combined.txt
(cacert.cer = base64bit encoded )
Finally we import this combined file into the Domino keyring
kyrtool import all -k c:\ibm\keyring.kyr -i combined.txt