Advanced Search

The great Lotus Notes installation guide - Create a signer certificate

 

Article Index

Page 3 of 19

B.) Preparations: Create a signer certificate

Note: This step is not needed if you didn´t wish to add own eclipse features and/or if you didn´t wish to edit existing ones.

Ba.) Create a keystore and generate the key pair. A sample command line is shown:

%JAVA_HOME%\bin\keytool -genkey -dname "cn=Bob, ou=Sales, o=foo, c=US" -alias "my self signed cert" -keypass mypassword -keystore C:\sign-plugin\abx\mykeystore -storepass password -keyalg "RSA" -validity 360

Bb.) Create a listing of the newly created self-signed certificate/key pair. A sample command line is shown:

%JAVA_HOME%\bin\keytool -list -v -alias "my self signed cert" -keystore C:\sign-plugin\abx\mykeystore -storepass password

Bc.) For the feature you'll be adding to the install kit, sign its updatesite JAR files (in the features folder and in the plugins folder) using the self-signed certificate/key pair. Sample command lines for signing JAR files in the features folder and plugins folder are shown:

%JAVA_HOME%\bin\jarsigner -verbose -keystore C:\sign-plugin\abx\mykeystore -storepass password -keypass mypassword C:\sign-plugin\abx\mytestUpdatesite\features\com.ibm.sign.demo.feature_1.0.0.jar "my self signed cert"

Bd.) Export a trust certificate that can authenticate your public key. A sample command line is shown (see notes 2 for the storepass):

%JAVA_HOME%\bin\keytool -export -alias "my self signed cert" -file myselfsignedcert.cer -keystore C:\sign-plugin\abx\mykeystore -storepass password

Be.) Add the exported trust certificate to the Notes install kit keystore to enable trust for your public key at install. A sample command line is shown (see notes 2 for the storepass):

%JAVA_HOME%\bin\keytool.exe -import -keystore "C:\sign-plugin\abx\AllClient.msi.w32\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype

Page 3 of 19

B.) Preparations: Create a signer certificate

Note: This step is not needed if you didn´t wish to add own eclipse features and/or if you didn´t wish to edit existing ones.

Ba.) Create a keystore and generate the key pair. A sample command line is shown:

%JAVA_HOME%\bin\keytool -genkey -dname "cn=Bob, ou=Sales, o=foo, c=US" -alias "my self signed cert" -keypass mypassword -keystore C:\sign-plugin\abx\mykeystore -storepass password -keyalg "RSA" -validity 360

Bb.) Create a listing of the newly created self-signed certificate/key pair. A sample command line is shown:

%JAVA_HOME%\bin\keytool -list -v -alias "my self signed cert" -keystore C:\sign-plugin\abx\mykeystore -storepass password

Bc.) For the feature you'll be adding to the install kit, sign its updatesite JAR files (in the features folder and in the plugins folder) using the self-signed certificate/key pair. Sample command lines for signing JAR files in the features folder and plugins folder are shown:

%JAVA_HOME%\bin\jarsigner -verbose -keystore C:\sign-plugin\abx\mykeystore -storepass password -keypass mypassword C:\sign-plugin\abx\mytestUpdatesite\features\com.ibm.sign.demo.feature_1.0.0.jar "my self signed cert"

Bd.) Export a trust certificate that can authenticate your public key. A sample command line is shown (see notes 2 for the storepass):

%JAVA_HOME%\bin\keytool -export -alias "my self signed cert" -file myselfsignedcert.cer -keystore C:\sign-plugin\abx\mykeystore -storepass password

Be.) Add the exported trust certificate to the Notes install kit keystore to enable trust for your public key at install. A sample command line is shown (see notes 2 for the storepass):

%JAVA_HOME%\bin\keytool.exe -import -keystore "C:\sign-plugin\abx\AllClient.msi.w32\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -alias "my self signed cert" -file myselfsignedcert.cer -storepass ""

Bf.) List the entries in the Notes install kit keystore. A sample command line is shown (see notes 2 for the storepass):

%JAVA_HOME%\bin\keytool.exe -list -v -keystore "C:\sign-plugin\abx\AllClient.msi.w32\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -alias "my self signed cert" -storepass ""

 

Note 1: See "How to add a certificate to the Lotus Notes 8 installation media kit file using keytool.exe (Technote 1305165)" for more information.

Note 2: For 8.02 FP2 and above, the original IBM keystore has the password "changeit".

Note 3: This section used parts from the "Signing and adding new features to the kit" Notes Admin topic which can be found here.