In questa Wiki di IBM è spiegato come generare il keyring file usando OpenSSL con self certificate e certiticati di terze parti compatibile con Domino.
Vi ricordo di dare una lettura al post precedente per la configurazione di Domino e SSL
Qui di seguito copio il Readme del nuovo KyrTool
This readme accompanies the kyrtool. The target audience is a Domino Administrator to work with SHA-2 certificates and Domino as described in the following technical documents:
The kyrtool is a command line tool that can be used to view keyring files, create keyring files, and import certificates of all kinds into keyring files. It uses the IBM Notes C API and can be run against any 8.5.x or 9.x Notes/Domino installation, but can only be used with SHA-2 certificates in Domino 9.x, and can only be used to import and delete trusted roots with Domino 9.0.1 FP2 IF1 or higher which added support for TLS and SHA-2.
To use the Tool:
1) Copy the kyrtool associated with your platform into the Notes program directory on your adminstrator's client machine (alternately you could copy it into your Domino program directory if you plan on executing the utility from a command prompt on your Server machine)
2) Execute kyrtool -h for help information on executing the tool which will display the following:
kyrtool [=/path/to/notes.ini] command [subcommand] [flags]
create Create a new keyring file
delete Delete a root in a keyring file
import Import into a keyring file
show Show information about a keyring file
Verify the content of a PEM import file
Use 'kyrtool [command] -h' to view help for each command.
The keyring password is stored in the STH file and will be
automatically read when using an existing keyring file.