Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

New Version of KyrTool released

Daniel Nashed  3 April 2015 08:38:12
There is a newer version of the key ring tool that has been released on fix-central.

Here is the list of fixes for the newer version.
You should also update your client and server to the latest available IF because there are also fixes in the back-end for some issues parsing certificates.

By the way ... I really like the command line kyrtool. A couple of days ago a customer asked me for some maintenance of their existing key ring files.
Their CA expired and we had to remove the root CA from over 150 key-ring files.
Using a shell script in combination with the kyrtool allowed me to export the private key and certificates, use "sed" to modify the file, create a new key-ring file, re-import and verify the key-ring file.
We even dumped information about the keys, certs etc and validation of the key-ring files into a CSV file to have an overview :-)

-- Daniel
DKEN9U5UEX Fix crash if pem file provided as input file has embedded nulls
KLYH9UBNGW Add Sha 256 Pinning to the kyrtool - displaying the digest on show commands
MKIN9QHT5W Fix kyrtool crashing when attempting the create command and giving an existing directory for the keyfile name
DKEN9RVQGD Fix kyrtool sometimes erroring on import all command



http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Lotus&product=ibm/Lotus/Lotus+Domino&release=9.0.1.2&platform=All&function=fixId&fixids=KYRTool_9x_ClientServer&includeSupersedes=0
Comments

1Heinrich Nellen  14.04.2015 15:20:26  New Version of KyrTool crashes using the show command

Using the "show" command leeds to a crash of the new kyrtool (linux 64 or windows 32). Both systems were not patched to the latest IF.

Subject: ***********

Issuer: ***********

Not Before: ***********

Not After: ***********

Key length: 4096 bits

[052C:0002-0218] Thread=[052C:0002-0218]

[052C:0002-0218] Stack base=0x0019DFCC, Stack size = 9468 bytes

[052C:0002-0218] PANIC: LookupHandle: handle out of range

I didn't test it with a fully patched system. The old version worked fine.

2Heinrich Nellen  14.04.2015 15:33:39  New Version of KyrTool crashes using the "show certs" command

Update:

"show keys" works, "show certs" leads to panic

3Daniel Nashed  15.04.2015 13:06:45  New Version of KyrTool released

New Key tool v1.1 works for me with "show certs".

I see no problem here. Tested with Notes Client FP3 with current IF installed

Not sure which exact version you are on. And I have no unpatched system for testing.

Can you test with a patched version? Are you getting a NSD? Can you send it by mail?

Archives


  • [IBM Lotus Domino]
  • [Domino on Linux]
  • [Nash!Com]
  • [Daniel Nashed]