CSNCurrent en:Add a self-created SSL certificate to the list of trusted certificates on the Domino Server (optional)
Depending on which SSL certificate you are using on your Cryptshare Server, a certificate error may occur when establishing a connection between the Domino Server and the Cryptshare Server. This happens if the Domino Server does regard the SSL certificate used on the Cryptshare Server as untrusted which typically is the case when you use a self-generated, private SSL certificate on your Cryptshare Server. But it is also possible that a public, commercial SSL certificate will not be regarded as trusted by your Domino Server by default. Please refer to the admin manual of your Cryptshare Server concerning the handling of SSL certificates on the Cryptshare System.
To add a certificate as trusted to the certificate storage in the Domino Java Environment, please proceed as follows:
Method 1) Using the Windows GUI:
The simplest way to install certificates is to download and install a program called Keystore Explorer to import your certificate into the keystore. The default password for the keystore is "changeit"
Method 2) Using the Windows Command Line:
- Open a command prompt
- cd into to the Java Runtime Directory of your Domino Server "<Domino Server Directory>\\jvm\\bin"
- Execute the following command:
keytool.exe -import -trustcacerts -keystore ..\\lib\\security\\cacerts -alias <sitename> -file <SSL Certificate>
The default password for the JAVA certificate storage is `changeit `When asked if you want to trust the certificate, please confirm.
SSL import example
SSL import on MS Windows systems keytool.exe -import -trustcacerts -keystore ..\\lib\\security\\cacerts -alias YourCryptshareDomain.com -file C:\\tmp\\YourCertificate.cer
Useful commands when working with keystores and certificates
Show keystore keytool -list -keystore ..\\lib\\security\\cacerts Delete Keystore Entry keytool -delete -alias <sitename> -keystore ..\\lib\\security\\cacerts Export Keystore Entry keytool -export -alias <sitename> -file <filename> -keystore ..\\lib\\security\\cacerts
- Open the console
- Navigate into the Java Runtime Directory on the Domino Server `"<Domino Server Directory>/jvm/bin"`
- Execute the following command
keytool -import -trustcacerts -keystore ../lib/security/cacerts -alias <sitename> -file <SSL Certificate>
The default password for the Java Certificate Store is `changeit` If you are asked to trust the certificate, please confirm.