Query results for : February 2013
Recover your Domino SSL Keystore password- 27 February 2013 - (2) Comments
Thomas Hampel
27 February 2013
In a situation where you need to verify the contents of a Domino SSL key ring file (*.kyr), it's very useful to know the password to that key ring.
Unfortunately that's not always the case, e.g. when inheriting a server for which no documentation exists, or in simple terms when you forgot the password.
In order to recover the password in clear text, just enable the debug parameter SSL_TRACE_KEYFILEREAD=1 in the Notes.ini.
To avoid any impact on production, you might want to do this in an isolated environment like a freshly installed Domino server or a test server you already have.
So this is what you have to do:
- Install a new isolated Domino server (or use a test server of your choice)
- Copy the *.kyr + *.sth file from the production server to the new server
- Configure the HTTP task to make use of this key ring file, by updating the server document/internet ports, or by updating the internet site / security configuration.
- Enable the Notes.ini parameter by typing this command at the server's console:
  set config SSL_TRACE_KEYFILEREAD=1
- Restart the HTTP task:
  tell http restart
- Watch the console to obtain the password in plain text:
ReadKeyfile> Recovering password from stash file
ReadKeyfile> Password is ABCDEFGH
ReadKeyfile> Reading keyfile /opt/IBM/notesdata/keyfile.kyr
ReadKeyfile> Looking for trusted roots
ReadKeyfile> Found trusted roots
ReadKeyfile> Exit status = 0
ReadKeyfile> Recovering password from stash file
ReadKeyfile> Password is ABCDEFGH
ReadKeyfile> Reading keyfile /opt/IBM/notesdata/keyfile.kyr
ReadKeyfile> Looking for cert chain
ReadKeyfile> Got cert chain
ReadKeyfile> Exit status = 0
ReadKeyfile> Recovering password from stash file
ReadKeyfile> Password is ABCDEFGH
ReadKeyfile> Reading keyfile /opt/IBM/notesdata/keyfile.kyr
ReadKeyfile> Looking for private key
ReadKeyfile> Decoding keys
ReadKeyfile> Keys decoded
ReadKeyfile> Exit status = 0
HTTP Server: Using Internet Site Configuration View
Now you can use the Domino Server Certificate Authority application to take a closer look into the *.kyr file.
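An added example, not part of the original post: because the trace prints the key ring password to the console in clear text, this Python sketch checks Notes.ini text for the parameter still being enabled and redacts the password lines from captured console output. The sample input is constructed from the output above; the function names are hypothetical, and treating any non-zero value as "enabled" is an assumption.

```python
import re

# Constructed sample input, modelled on the console output shown in the post.
SAMPLE_INI = "[Notes]\nDirectory=/opt/IBM/notesdata\nSSL_TRACE_KEYFILEREAD=1\n"
SAMPLE_LOG = """\
ReadKeyfile> Recovering password from stash file
ReadKeyfile> Password is ABCDEFGH
ReadKeyfile> Reading keyfile /opt/IBM/notesdata/keyfile.kyr
ReadKeyfile> Looking for private key
ReadKeyfile> Exit status = 0
HTTP Server: Using Internet Site Configuration View
"""

INI_RE = re.compile(r"^\s*SSL_TRACE_KEYFILEREAD\s*=\s*(\S+)", re.I | re.M)
PWD_RE = re.compile(r"^(.*ReadKeyfile> Password is )(.*)$")
KYR_RE = re.compile(r"ReadKeyfile> Reading keyfile (\S+)")


def trace_enabled(ini_text):
    """True if any SSL_TRACE_KEYFILEREAD entry is non-zero (assumed = enabled)."""
    return any(value != "0" for value in INI_RE.findall(ini_text))


def scrub_log(log_text):
    """Redact leaked passwords; return (clean_text, {keyfile: leak_count})."""
    out, leaks, pending = [], {}, 0
    for line in log_text.splitlines():
        m = PWD_RE.match(line)
        if m:
            line = m.group(1) + "[REDACTED]"
            pending += 1
        k = KYR_RE.search(line)
        if k and pending:
            # In the trace output the keyfile path follows the password line.
            leaks[k.group(1)] = leaks.get(k.group(1), 0) + pending
            pending = 0
        out.append(line)
    if pending:  # password line with no keyfile path after it
        leaks["<unknown>"] = leaks.get("<unknown>", 0) + pending
    return "\n".join(out) + "\n", leaks


if __name__ == "__main__":
    clean, leaks = scrub_log(SAMPLE_LOG)
    print("trace still enabled:", trace_enabled(SAMPLE_INI))
    print("leaked passwords per keyfile:", leaks)
    print(clean, end="")
```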
Change ReplicaID of existing DBs without creating a Notes Copy- 23 February 2013 - (0) Comments
Enable ’Show in-line MIME images as attachments’ via Policies- 11 February 2013 - (0) Comments
Thomas Hampel
11 February 2013
Some Notes client preferences cannot be enabled via Domino Policies because the values are not exposed as a parameter in the Domino Directory template.
One of them is "Show in-line MIME images as attachments".
In order to enable/disable this setting, you'll have to set a Notes.ini variable via policies:
ShowIMIMEImagesAsAttachments=1
Instead of modifying the Domino Directory template, it's enough to add this variable in the custom settings section of the Desktop policy settings.