Skip to main content

Admin Notes: Adding a Certificate to the Lotus Domino JVM Cacerts keystore

It seems that I get called upon frequently to add certificates to the Lotus Domino JVM cacerts keystore.   I think the developers are using it for some sort of web service request.

I thought I'd post it here in case there are other people like me who need to do this occasionally, and can never find the default password, or forget the syntax to install a new ssl certificate.

Fig. 1 - Navigate to the Domino JVM security directory

Step 1 - Navigate to the Domino JVM security directory.   For me, that's c:/lotus/domino/jvm/lib/security.  For simplicity sake, I put the .cer certificate file in the security folder.  It let's me quickly know which certificates I have installed in the cacerts on that server.

Fig. 2 - Install the certificate in the cacerts keystore

Step 2 - Enter the command to install the certificate in the keystore.   The tool to use is called keytool, and it's located in the jvm/bin directory.

The command line to install the certificate looks like this:
keytool -import -trustcacerts -alias certificate -file your_certificate.cer -keystore cacerts
The important part for you to change in the line above goes like this, the word after -alias signifies the name the certificate is referenced as in the keystore.  The word after -file is the name/location of the certificate you are installing.  The word after -keystore is the name/location of the keystore file.

Once you enter all of this, and press enter, you will be prompted for the password for the cacerts keystore.  The default password for the keystore is 'changeit'.  Clever, eh?   Enter the password (changeit) and press enter again.

Fig. 3 - Prompting to accept the certificate
Step 3 - You will be prompted to accept the certificate.  Type 'y' or 'yes', if you trust it.

Step 4 - Restart your Lotus Domino server or service.  Try to do it when there are no users on the server.  Causes less complaining.

Let me know if you found this useful.  I've added it to the Lotus Notes and Domino Wiki, and registered to win free stuff from WikiMadness.

Comments

  1. Thanks for this, I just had to do this and it's not documented (or at least I couldn't find it).

    ReplyDelete

Post a Comment

Popular posts from this blog

Policies and Controls are King in the IT Security world

I came across an article by Roger Grimes over at Infoworld on how security policies and controls are the real power when it comes to IT security. Roger mentions the SANS 20 Critical Security Controls for Effective Cyber Defence , which are a great read for anyone looking at updating or auditing your policies for completeness. The SANS top 20 controls are a must for any organization: Inventory of Authorized and Unauthorized Devices Inventory of Authorized and Unauthorized Software Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers Secure Configurations for Network Devices such as Firewalls, Routers, and Switches Boundary Defense Maintenance, Monitoring, and Analysis of Security Audit Logs Application Software Security Controlled Use of Administrative Privileges Controlled Access Based on the Need to Know Continuous Vulnerability Assessment and Remediation Account Monitoring and Control Malware Defenses Limitation and Control

Error 217 - Error creating product object on Domino 64 bit

I'd like to share something with you.   An error that you'll get if you are trying to use ODBC with Domino 8.5.1 64bit. It starts out with an agent error of Error 217.  The text of the error is "Error creating product object" You can read about it here on the Notes/Domino forum . You can find the solution here as well . I guess I'm now waiting for Domino 8.5.2 for a solution for this.   It would have been nice to have had this in the release notes.  It would have help me greatly.

Fun Little Earthquake

It's 1:45pm EST in Ottawa, Ontario, Canada. We just had an earthquake.  Not strong enough to damage anything, but enough that I watched people run out of buildings. What a fun Wednesday.