Lots of great updates for internet security in Domino 12 and for me some of the smallest changes will make the biggest impact to my daily work. For instance, Domino continues to support its proprietary kyr keyfile format but now also supports the PEM format which is commonly used by many web servers.

You can create a PEM file using any text editor and pasting the entire certificate chain into it in the order

• Private Key
• Server CA certificate
• Intermedia certificate
• Trusted root or chain certificate

Save the text file with a .pem extension and you’re NEARLY done.

NEARLY - Daniel Nashed has informed me that the process was changed at the last minute for GA and the only way to get the PEM key recognised by Domino is to import it once created using

load certmgr -importpem {filename}

Of course the new approach is to use certmgr for everything from creating the private key and csr through to importing the final PEM and I have another blog ready to go on that as there’s a lot more to certmgr that we need to discuss.