Thursday, May 25, 2017

Why Experts Save You Money

Did you ever hear these from clients or prospective clients?
"Your fees are too high!"
"You want how much to do this?"
"I can get a <insert tech solution name> person for $10/hr why do we need you?"

I have heard these, and many others too over the course of my career.

Now let's hear how some others see this issue, these are general references not specific to anyone or anything.

  • Sales advisors tell us it is because we have not sold the client on us and our solution that the price still matters. If they are not sold on using us, price becomes the scapegoat. This is true.
  • Marketing advisors would say our value proposition is not clearly reaching out target market and we should either move down or up, depending on our circumstances and expectations of clients. This is true as well sometimes.
  • Financial people would tell us that they have a budget they can not exceed, which we know is not true because if the CEO, or another executive with power, want something, they get it, no matter the cost. This is true too.
  • Technical people will tell you they can get it done in a day or two. However, they first have to clear their existing project or support items and then involve a few teams of people and plan the change management, etc.. This is true too, except it will not get done until next year, usually.
What is rarely understood, although we do explain this all the time, is your code-monkeys will spend days trying to fix something that an expert sees and can fix in a few minutes or hours. When this is an internal resourced project, it seems, no one cares about time or cost. When it is an external resource, that is another story entirely.

A friend of mine recently spent, per their post, 5 hours on an email configuration issue.After I asked why they didn't ask my help for what I know to be a five minute fix, we then walked through the config and solved it. Even though they knew I have spent over 20 years on messaging systems, they did not ask for help until they had wasted quite some time. ( I am still hoping they used hyperbole and it was really an hour or 2 which is still too long)

Now, if they are the hourly billing type of person they have a dilemma, do they bill for the wasted hours of troubleshooting or part of it or none of it? If they bill by the project, this would not matter because things like this are expected and included in the pricing. It never makes one happy, but on the other hand, you gain valuable knowledge and experience to solve a problem for next time in seconds, and THAT is huge money to be made...when you bill by the project and not hourly. 

Of course, I can't bill for five minutes of work, well I could if they weren't my friend. The bill would be like the famous joke about the guy with the hammer who knew just where to hit the machinery. I could bill anything just to solve the problem, whether it took me five minutes or five seconds. 

Yes, cheaper solution providers exist, but they are not IBM Champions or Microsoft MVPs or Salesforce MVPs or whatever leaders in their respective fields that while we may not have encountered every issue, we are very battle tested and call upon our other friends to help us because that is what experts do in life.

We trust others to help us in return for the help we lend them. This for me is one of the best things about being an IBM Champion and knowing people that are the equivalent across many platforms. No one wants to ask for help, it is seen as a weakness, but once you get over this your world is much better as is all the people you engage with over the years.

If you are an IT manager, price means nothing when the issue is Enterprise important. If you think otherwise, your company will never get ahead of your competition. Work with experts who help make you look better to your boss, not cause your boss to look for replacements for you.

SnTT - WildCard SSL Certs and Domino....needs 32bit Windows?

This post is for me, and you, to make life easy. 

Some of you out there are only now adding SSL certificates to your servers, I know because you are asking me to help you, and so I present today's Show n Tell Tuesday post.

There are some excellent SSL and Domino posts on this topic already from Gab Davis, Mats Ekman, and Sean Cull, IBM documentation is a bit lacking in this use case so I will not point you to it.
EDIT : Jared Roberts, also a fellow IBM Champion, wrote an excellent post on the wildcard and you should go use his, it is found here. (My blog post was written over a few months so I had missed Jared's post)

I used Gab's post a few times over the last few months and always in a situation where the customer had a stand-alone (individual server) SSL certificate and you can't mess it up, well you could typo the syntax, but her post is the easiest way to get this accomplished. Thank you, Gab!

However, a Wildcard SSL certificate is a little different and this is when I found Mat and Sean's post very helpful and I am taking from them to add my 2 cents.

Along the way of following their posts, I found that the IBM required tool only runs on a 32 bit Windows environment. Let's just say were it not for my TV PC, I would have to create a VM just to run this tool. 

You have been warned.

Everything else runs on 64 bit and you will need your Domino server and your Admin Client accessible. 
EDIT from Chuck's Comment below: You should be using at least a 9.0.1FP6 Notes client, not necessarily an Admin client but you may find it easier to do so.

This is how we include a wildcard 4096 bit cert issued from a registrar with a .PFX and .CSR file into Domino. (Always make sure to get the password used for the key, you WILL need it.)

What do you do with a .PFX file? You convert it into a .PEM file using OpenSSL.
EDITED FEB 9, 2022 after prior update of Nov 30, 2017 NOTE: If you have a .pfx file, an IBM HCL technote makes this much easier than the steps below. but I will leave it all for those who want to know more. Thanks Ted H. for the link.

What? Why? Never mind that now, but the steps to do the magic are below:

1) Download the OpenSSL software (taken from Mat's post)
Easy precompiled:
The one Mat used:
NOTE: These are direct links, so if it doesn't work, go to for 32 and 64 bit.

2) Download the KYRTool (again taken from Mat's Post)
Fixcentral short:
Fixcentral long:

3) Install the OpenSSL into its own directory (include the binaries)

4) Go to C:\OpenSSL-Win64\bin\openssl then run the openssl to get the command window you need so you can type in. (This took me a while to figure out, you are welcome):

5) this is all one line pkcs12 -in C:\location of mypfxfiles\wildcard_company_com.pfx -out  c:\somelocation\wildcard_cmpany_com.pem -nodes -chain

Remember, Domino requires both the .KYR file and the .STH files to be placed inside the \Domino\data directory.

As always have fun, ask for help when you need it and don't give up, as you can see, many of us have been in your shoes before.