Tuesday, April 24, 2012

Lotus Domino SSL issues

One afternoon last month I really struggled with an easy SSL keyring setup. I did the usual create keyring file, send off the CSR, received the signed request, install trusted root and intermediate certificates and finally install the signed request. Everything looked good except when I started HTTP on Lotus Domino I received the error

> load http
HTTP Server: SSL Error: No local certificate, key ring file [keyfile.key], [Default Server]
HTTP Server: Using Web Configuration View
JVM: Java Virtual Machine initialized.
HTTP Server: Java Virtual Machine loaded
HTTP Server: DSAPI Domino Off-Line Services HTTP extension Loaded successfully
XSP Command Manager initialized
HTTP Server: Started


and when I would go to the website using https:// in Chrome, I would get a page saying:

SSL connection error
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.


I don't have internet site documents turned on. After a few attempts of stopping and started HTTP, I decided to dust off gsk5-iKeyMan. After awhile of poking around I found the issue. Notice the name of the file in the error message? keyfile.key. That was the issue. As soon as I changed the keyfile.key file name to keyfile.kyr, and changed the name in the server document under ports > Internet Ports > SSL key file name, HTTP started without issues. *facepalm*



> load http
HTTP Server: Using Web Configuration View
JVM: Java Virtual Machine initialized.
HTTP Server: Java Virtual Machine loaded
HTTP Server: DSAPI Domino Off-Line Services HTTP extension Loaded successfully
XSP Command Manager initialized
HTTP Server: Started