Wednesday, March 17, 2010

Remember Young Admins...there are 2 files

Us old timers don't remember everything after all.

I set up a TLS environment using the post from Gregg Eldred.

Additionally we self certified it from Domino (checked the vendor and the spam system accepts it) and all seemed well and good.

Except I received numerous errors (and since we use DDM, um, 1,000's of emails about it)which said the same thing:
SSL error: Keyring File access error

So I did what anyone else would do, I phoned a friend. Called Gregg, left him a voice mail and then pondered what else I might have done wrong.

Within a few minutes, and a quick search of my own internal documentation, I realized the problem was I forgot to copy BOTH files from my client when I set up the keyring file. I only copied the .KYR but not the .STH.


And thus ended my errors and all was good again.

If you have a similar error message and are 100% sure you copied both files, then I suggest you check out IBM technote #1218820, titled "
Frequently Asked Questions: Using Secure Socket Layer (SSL) with Notes/Domino".

That will probably lead you to this IBM technote #1109822 titled "Web server error: Keyring File access error or Page cannot be displayed".

So next time you have a problem leave Gregg a message describing the problem and you may have it solved within minutes. If you do, please do a session at MWLUG 2010 on this phenomena.


  1. Tip - When you renew the certificate you only have to copy over the new .kyr file. The .sth file does not change.

  2. Chris, you are correct, in this case it was a new setup.