Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Who am I?

Feeds

Query results for : February 2013

Recover your Domino SSL Keystore password- 27 February 2013 - (2) Comments

Thomas Hampel
 27 February 2013

In a situation where an you need to verify the contents of a Domino SSL Key ring file (*.kyr) its very useful to know the password to that key ring.
Unfortunately thats not always the case, e.g. when inheriting a server for which no documentation exists, or in simple terms when you forgot the password.

In order to recover the password in clear text, just enable the debug parameter SSL_TRACE_KEYFILEREAD=1 in the Notes.ini
To avoid any impact to production, you might want to do this in an isolated environment like a fresh installed Domino server or a test server you already have.

So this is what you have to do:
  1. Install a new isolated Domino server (or use a test server of your choice)
  2. Copy the *.kyr + *.sth file from the production server to the new server
  3. Configure the HTTP task to make use of this key ring file, by updating the server document/internet ports, or by updating the internet site / security configuration.
  4. Enable the Notes.ini parameter by typing this command at the server's console
    set config SSL_TRACE_KEYFILEREAD=1
  5. Restart the HTTP task
    tell http restart
  6. Watch the console to obtain the password in plain text:

ReadKeyfile> Recovering password from stash file
ReadKeyfile> Password is ABCDEFGH
ReadKeyfile> Reading keyfile /opt/IBM/notesdata/keyfile.kyr
ReadKeyfile> Looking for trusted roots
ReadKeyfile> Found trusted roots
ReadKeyfile> Exit status = 0
ReadKeyfile> Recovering password from stash file
ReadKeyfile> Password is ABCDEFGH
ReadKeyfile> Reading keyfile /opt/IBM/notesdata/keyfile.kyr
ReadKeyfile> Looking for cert chain
ReadKeyfile> Got cert chain
ReadKeyfile> Exit status = 0
ReadKeyfile> Recovering password from stash file
ReadKeyfile> Password is ABCDEFGH
ReadKeyfile> Reading keyfile /opt/IBM/notesdata/keyfile.kyr
ReadKeyfile> Looking for private key
ReadKeyfile> Decoding keys
ReadKeyfile> Keys decoded
ReadKeyfile> Exit status = 0
HTTP Server: Using Internet Site Configuration View

Now you can use the Domino Server Certificate Authority application to take a closer look into the *.kyr file.

Change ReplicaID of existing DBs without creating a Notes Copy- 23 February 2013 - (0) Comments

Thomas Hampel
 23 February 2013

If you want to change the replicaID of a database without doing a Notes Copy, feel free to use this small script:
ChangeReplicaID.lss

Enable ’Show in-line MIME images as attachments’ via Policies- 11 February 2013 - (0) Comments

Thomas Hampel
 11 February 2013

Some Notes client preferences can not be enabled via Domino Policies because the values are not exposed as a parameter in the Domino Directory template.
One of them is "Show in-line MIME images as attachments"
Image:Enable ’Show in-line MIME images as attachments’ via Policies

In order to enable/disable this setting, you'll have to set a Notes.ini variable via policies
ShowIMIMEImagesAsAttachments=1

Instead of modifying the Domino Directory template its enough to add this variable in the custom settings section of the Desktop policy settings.
Image:Enable ’Show in-line MIME images as attachments’ via Policies
Image:Enable ’Show in-line MIME images as attachments’ via Policies

Upload Notes ID into Shimmer Profile- 6 February 2013 - (0) Comments

Thomas Hampel
 6 February 2013

Just in case anyone wants to upload a local NotesID into the iNotes Shimmer profile, here is the source code for a button.
UploadNotesID.lss
Thomas Hampel, All rights reserved.