fighting for truth, justice, and a kick-butt lotus notes experience.

Bye-Bye IBM iKeyman - welcome Java keytool

 Januar 16 2020 12:14:04 PM
It seems that HCL has removed the old IBM iKeyman tool from the Notes Domino 11 installation packages.

iKeyman can be used to make changes in Java Keystore files. For example to add a trusted root certificate to the cacerts.


For HCL it makes sense to remove the IBM legacy files and tools. With the installed JVM, the standard Java keytool is installed, which can also be used to edit the keystore files.


The keytool is located in the Domino program directory in the subfolder JVM/BIN. It is available for Linux and Windows.


Here is an example to add another Trusted Root CA - here a DigiCertGlobalRoot - to the cacerts file with the keytool:



/opt/ibm/domino/notes/latest/linux/jvm/bin/keytool -import -trustcacerts -keystore /opt/ibm/domino/notes/latest/linux/jvm/lib/security/cacerts -storepass changeit -alias DigiCertGlobalRootG2 -import -file /tmp/DigiCertGlobalRootG2.pem



For the keytool syntax and more examples, check out:
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html


Archive