  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3542

Unable to import a PKCS file to a kyr file using ikeyman

I am in the process of moving an IIS-based wildcard SSL certificate to a Domino keyring file. I saw an article at http://www.turtleweb.com/turtleblog.nsf/dx/11022009232215GDAVGR.htm and I followed the instructions there, but I am getting an error message at step 15. When I click Import and select the p12 file, the error appears and it says "An error occurred while importing keys from the PKCS12 format file". I got an error in step 3 and I had to replace the Security policy files. In step 8, I also installed the Intermediate Certificate after the Trusted root Certificate. In step 13, ikeyman was not launching and I had to replace the JRE folder with JRE 1.1.8 to fix that. Now at the last step, when I click Import and select the p12 file, the error appears and it says "An error occurred while importing keys from the PKCS12 format file". I am totally lost. I searched the internet for many days and couldn't find a fix.
0
lvilleitdept
1 Solution
 
Paranormastic (Cryptographic Engineer) Commented:
When you exported the pfx file, did you keep the strong protection on, requiring you to assign a password? Or did you remove that so no password? There should be a password if you didn't do that - some programs will behave oddly if you don't. Also, try having a password that is at least 8 characters long - although it shouldn't matter, I've seen issues with less than 4 or 8 characters in some rare cases. Blank passwords (as opposed to no password requirement) mess with a number of programs.

The other thing you can do is to try converting the pfx file to PEM format - some programs work better with a PEM formatted cert.  You can download OpenSSL from http://gnuwin32.sourceforge.net/packages/openssl.htm

Here's a script to run - you can pass the variables when you run the .bat file or you can replace them ahead of time.

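:: %1 = filename without extension (used for both the PFX and PEM filenames)
:: %2 = password for input PFX file
:: %3 = password for output PEM file
:: Arguments are quoted so that file names and passwords containing spaces survive.
c:\openssl\bin\openssl.exe pkcs12 -in "%~1.pfx" -passin "pass:%~2" -out "%~1.pem" -passout "pass:%~3"
pause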
0
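An added example, not part of the original answer or the linked article: a POSIX shell version of the conversion above that reads the passwords from environment variables instead of pass: arguments, and first checks that the PFX really contains a private key matching its certificate. The file names, subject, passwords, the PFX_PASS/PEM_PASS variable names and the function names are all assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample values throughout: file names, subject and passwords.
# Passwords are read from environment variables via openssl's "env:" source,
# so they do not appear in the process argument list the way "pass:" does.

# pfx_to_pem BASE: BASE.pfx -> BASE.pem (same conversion as the .bat above).
pfx_to_pem() {
    openssl pkcs12 -in "$1.pfx" -passin env:PFX_PASS \
        -out "$1.pem" -passout env:PEM_PASS 2>/dev/null
}

# pfx_key_matches_cert BASE: succeeds only if BASE.pfx opens with PFX_PASS,
# contains a private key, and that key matches the leaf certificate.
# The unencrypted key only passes through a pipe; it is never written to disk.
pfx_key_matches_cert() {
    cert_pub=$(openssl pkcs12 -in "$1.pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$1.pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# make_sample_pfx BASE: throwaway self-signed wildcard cert exported to BASE.pfx.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" \
        -out "$1.pfx" -passout env:PFX_PASS 2>/dev/null
}

# demo: build the sample, verify it, convert it, then clean up.
demo() {
    dir=$(mktemp -d) || return 1
    export PFX_PASS='constructed-pfx-pass' PEM_PASS='constructed-pem-pass'
    make_sample_pfx "$dir/wild" && pfx_key_matches_cert "$dir/wild" && pfx_to_pem "$dir/wild"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "PFX holds a matching key and certificate; PEM written"
```

If pfx_key_matches_cert fails on a real export, the PFX either does not open with the supplied password or was exported without its private key, and no later import step can succeed until that is fixed.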
 
lvilleitdept (Author) Commented:
When I exported the pfx file, I used the password. I was able to import the pfx file into the Domino KEY DB file as PKCS. I saved this with the name key.p12. Later when I created a key ring file and tried to import this PKCS file (key.p12), I am getting the error.

I also tried with OpenSSL, but no luck.
0
 
Paranormastic (Cryptographic Engineer) Commented:
What version of Lotus or Domino are you using? I'm seeing a few things on 6.0 & 6.5 that are patched, but that's getting a little outdated so I'm not jumping too much just yet on that stuff.
0
 
lvilleitdept (Author) Commented:
Lotus Domino (r) Server, Release 7.0.2
0
 
Paranormastic (Cryptographic Engineer) Commented:
0
