Howdie,

for a test environment, I had to wade through the AppDevPack/IAM Installation once more, this time on Windows. While most of the stuff I found was working fairly straightforward, I came across to things that caught my eye, so I thought I should write it down somewhere in case someone else stumbles upon it.


Addendum: 09-02-2020

Some people asked me whether I had to install OpenSSL first or not - and yes, as OpenSSL is not part of a default Windows Environment, you have to install it as a separate install package. Thankfully enough, there's a well maintained web site that offers 64/32 bit Windows Installers for OpenSSL, check this out if needed:
https://slproweb.com/products/Win32OpenSSL.html.

First issue: Creating Self Signed SSL-Certificates for the IAM Server.


While this is not a problem per se, the documentation explains how to create an SSL key using openssl, write a cnf file, create a csr file from that and a certificate from all of the components above. While the command for the last step is running fine for me on Linux, OpenSSL on Windows was throwing an error: "System cannot find the file specified".


This is the command in the documentation:

openssl x509 -passin pass:1234 -req -days 365 -in iamserver.csr -CA ca.crt
-CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile
<(printf "[SAN]\nsubjectAltName=DNS:iamserver.c3ug.ca") -extensions SAN




After some quick tests, it happened to be the
-extfile parameter that caused the problem. To work around this, I had to create a separate *.cnf file to add the Altnames parameter to the certificate. So I created a new text file called "ssl-extensions-509.cnf" (name is yours to choose) with this content:

# ssl-extensions-x509.cnf

[v3_ca]
subjectAltName = DNS:iamserver.c3ug.ca

Then, I altered the command above to:


openssl x509 -passin pass:1234 -req -days 3650 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile ssl-extensions-x509.cnf

With that, the certificate got created as expected.

2nd Issue: Notes Client not starting up after OpenSSL install on windows.

Error:

HCL Notes
Failed to login
CLFRJ0010E: Notes initialization failed`

This happened to me as well as discussed here: https://atnotes.de/index.php/topic,62529.0.html

So basically, I had to uninstall OpenSSL from Windows again and to remove two dll's from C:\Windows\SysWOW64 directory (libcrypto-1_1.dll and libssl-1_1.dll) and then the Notes Client would eventually start again.

That's it - other than that my test environment now runs nicely on Windows as well. Hope this helps if needed.

Heiko.

Heiko Voigt   |   26 May 2020 16:57:21   |    Domino  domino-db  Node.js    |  
  |   Next Document   |   Previous Document

Discussion for this entry is now closed.

Comments (1)

Ben Langhinrichs    http://geniisoft.com/db/WebLog    26.05.2020 18:01:49

Thanks for posting this. It is immensely useful when members of the community share the workarounds and gotchas which otherwise have to be discovered over and over (or never solved at all) by new people.