Migrate Certificate to Domino Keystore

This article is the last one discovering the migration of Let's encrypt certificates to a domino environment. The previous artile was about Create Certificates with Let's Encrypt.

Now we can pickup the certificate. It will be stored on the filesystem of your server where you issued the certbot-auto command. The application tells you were you can pickup the certificate.  In our case the cerficates are located at

/etc/letsencrypte/archive/<nameOfTheServer>

Switch to that directory and copy all four files to a single file. You can either use an editor to to this or just cat them into the file.

cat firstfile.pem >> all.pem

...

cat fourthfile.pem >> all.pem

Now copy the file "all.pem" to an appropriate Notes client or Domino server. Download the kyrtool from IBM and extract the file into the programm directory. Now you can create a new kyr-file by initiating

 c:\Notes\kyrtool.exe create -k c:\cert\ourKeyring.kyr -p appropriateSecuredPassword

This will create a ourKeyring.kyr and ourKeyring.sth file in c:\cert directory. Now we can import the all.pem file into that keyring.

c:\Notes\kyrtool.exe import all -k c:\cert\ourKeyring.kyr -i c:\cert\all.pem

Now, we are done. Just copy the two files ourKeyring.kyr and ourKeyring.sth file to your domino data directory. Ensure the filename is the same as you entered it in your domino directory and that filepermissions are set correctly (notes:notes or what your runtime user is).

That's it. After a restart of Domino's http-task your new certificate is active.

Have fun