Tag Archives: SSL

Certificate Information tool v4

SSL certificates, SAML certificates, signing certificates: the list of different kinds of certificates is long, and you might need to check the name of a certificate, its start or end date, or perhaps its thumbprint.

I use the tool mainly to get the end dates of certificates sent to me by customers, because I hate it when they expire and need to be changed without any preparation. The worst kind, which most administrators often miss, is the certificates that are auto-created, e.g. in ADFS servers, Azure Enterprise apps, Okta.

With CertInfo it is super simple to check a certificate: CertInfo.exe -file <path to file> -enddate prints the end date and time on the console. Or you can run CertInfo.exe -cert <Base64 of cert> -subject to get the subject of the cert.

In version 2 I’ve also added -url as a parameter to get the certificate directly from the web server.

Version 3 has a new parameter called -urlfile. It takes a text file with web server addresses or IP addresses separated by newlines and returns the info from all of them.

Version 4 has a parameter to get the info saved in CSV format, and the property -urlinfo to print out the URL sent in to the command. The parameter -urlfilestring lets you add a semicolon after the URL in the text file and print this out for each line, which is useful when you do a CSV printout.
Finally, a fix has been applied to prevent redirects, so that the cert is fetched from the server that was requested even if that server redirects the request.
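The same kind of check done with the OpenSSL command line, as an added example that is not CertInfo's code or part of the original post: it prints label, subject, end date, SHA-1 thumbprint and an expiry status as one semicolon-separated line per certificate. The function names, the "host;label" list format, port 443 and the sample.example.test certificate are assumptions made for the example.

```shell
# Added example, not CertInfo's code; all function names are assumptions.

# cert_field FILE OPTS...: one openssl x509 field, text after the first '='
cert_field() {
    f=$1; shift
    openssl x509 -in "$f" -noout "$@" | sed 's/^[^=]*=//'
}

# cert_status FILE DAYS: EXPIRING if the end date is within DAYS, else OK
cert_status() {
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
    then echo OK; else echo EXPIRING; fi
}

# cert_csv LABEL FILE DAYS: label;subject;end date;SHA-1 thumbprint;status
cert_csv() {
    printf '%s;%s;%s;%s;%s\n' "$1" \
        "$(cert_field "$2" -subject -nameopt RFC2253)" \
        "$(cert_field "$2" -enddate)" \
        "$(cert_field "$2" -fingerprint -sha1 | tr -d ':')" \
        "$(cert_status "$2" "$3")"
}

# fetch_cert HOST PORT FILE: save the certificate the server presents.
# Only a TLS handshake is done, no HTTP request, so a redirect plays no part.
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# scan_list LISTFILE DAYS: LISTFILE holds "host;label" lines, one per server
scan_list() {
    tmp=$(mktemp)
    while IFS=';' read -r host label; do
        [ -n "$host" ] || continue
        if fetch_cert "$host" 443 "$tmp"
        then cert_csv "$host;$label" "$tmp" "$2"
        else printf '%s;%s;;;;UNREACHABLE\n' "$host" "$label"
        fi
    done < "$1"
    rm -f "$tmp"
}

# make_sample FILE DAYS: constructed self-signed certificate for offline tests
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=sample.example.test" -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}
```

Running scan_list against a list file with a 30-day window gives one line per server, which can be sorted on the status column to find the certificates that need renewing first.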

Download and test CertInfo here

Folder icons created by cahiwak – Flaticon

Getting data from an HTTPS site in backend using XPages

If you want to connect to an SSL-protected site from XPages to get information, whether a web page or a web service, and the certifier isn’t already in Domino, you need to import the certificates.

Open the Domino Name and Address Book and navigate to Security -> Certificates.

When you are in this view, the action menu will have a new option.

Select these and import each of the certificates that you have.

When they are imported you need to create a Cross certificate.

Go into each of the newly imported certificates; in the Actions menu you will find Create Cross Certificate. Create a cross certificate against the server, and make sure to change the registration server from Local to the server.

When you are done, restart the HTTP task on the server console and you should be able to connect.

If it’s an old Java agent this doesn’t work; then you need to import the certificate into the keystore in the JVM.
If you are doing this, let me know and I will assist you.

 

Setting up a sFTP server to be used with an existing Domino SSL certificate

With the new way of creating SSL certs for Domino, a new opportunity occurred to me, and it actually worked great. Because we create the certificates using OpenSSL, the generated key and certificate can be used on the same server to set up an FTPS server. Sadly, because the Domino FTP server on OpenNTF.org doesn’t support FTPS, I had to use the FileZilla server; the setup was super simple.

Run the setup.

Go into the settings and enable FTP over SSL, then select your .key file and the certificate file that you got back from your certifier. Also check the other option to force all connections to the server to be FTPS.

FileZilla Server Settings

And now you have an FTPS server that can deliver external content to your Domino server. The last thing you need to set up is the users and groups that should be able to connect to the server.

Update: Paul Farris commented that this is an SSL-based FTP server, not an SSH-based one, so the real name should be FTPS, not sFTP.