Installing the Domino Command Line (CLI)

petter.olsson Member, Moderator, Domino Posts: 74 mod
  1. Click your username at the bottom of the main menu to download the CLI installer.
  2. Run the installer application.
  3. Open a new command prompt and run:
domino login <url>
  4. Replace <url> with the URL where you access Domino.
  5. When asked for your login information, use the username and password for your Domino account. You should see something like this:
$ domino login 

Enter your Domino username or email address
> username
Enter your password (typing will be hidden)
>

Congrats, you're all set!

Comments

  • pzieg Member Posts: 10
    edited March 27

    Trying to log in to Domino locally and getting the following:

    domino login https://domino.allstate.com

    +--------+
    | Error! |
    +--------+

    Unexpected error: Couldn't validate the Domino URL you provided. Validation failed with: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    If you need more help, email [email protected] or visit http://support.dominodatalab.com/hc/en-us/articles/204856525-Troubleshooting-common-problems
    

    Any ideas on how to resolve this?

    I can save the certificate from domino.allstate.com though unsure where that needs to go on my machine in order to let it know it's ok to access the URL.

    Background: want to sync a domino project with a OneDrive folder and likely can only do that locally, thus the need to run `domino login`

  • josh.mineroff Member, Moderator, Domino Posts: 9 mod

    This issue is being caused by a missing certificate, and you're on the right track if you downloaded the certificate from the homepage of your Domino UI. Now you'll just need to add it to the Java keystore (in a file called 'cacerts'). To find the location of your cacerts file, you can run:

    echo $(/usr/libexec/java_home)/lib/security/cacerts
    

    You may need to install the Java SDK if this fails.

    Now you can add your company's certificate to the keystore you just identified:

    sudo keytool -keystore PREVIOUS_RESULT -importcert -alias AN_ALIAS_NAME -file *.YOUR_DOMAIN.com.cer
    

    If you're a Windows user: The keystore tool should be located in C:\Program Files\Java\jre-x-x\bin (replacing jre-x-x with your version)

    Now try to log into the CLI again. If you are still having issues, check that you added the certificate to the same location where Domino cacerts are stored. Run these commands to compare the paths and, if necessary, repeat the above process using the new path:

    echo $(/usr/libexec/java_home)/lib/security/cacerts
    echo $(which domino)/cacerts
    

    Please let me know if this solves your issue!

    Josh Mineroff | Field Engineer

  • josh.mineroff Member, Moderator, Domino Posts: 9 mod

    For anyone reading this in the future, you can find the certificate by going to the Domino UI in Chrome and clicking on the lock next to the URL and then the "Certificate" option.

    Then you can click and drag the image of the certificate into your desktop or your Downloads folder to download the file.


    Josh Mineroff | Field Engineer

  • pzieg Member Posts: 10

    So I'm closer but still not 100%. I ran your steps above for the java directory which actually has path on my machine: (source: https://stackoverflow.com/questions/11936685/how-to-obtain-the-location-of-cacerts-of-the-default-java-installation#)

    $(/usr/libexec/java_home)/jre/lib/security/cacerts
    

    So I believe the certificate is updated there.

    There is no cacerts file in the path below.

    $(which domino)
    

    I tried running:

    sudo keytool -keystore PREVIOUS_RESULT -importcert -alias domino_cer -file *.YOUR_DOMAIN.com.cer
    keytool error: java.io.IOException: Invalid keystore format
    

    I also tried simply copying the .cer file over to the domino directory but also didn't work, i.e. same error when trying to log into domino CLI.

    Anything else you can think of to try and resolve?

  • pankhuri.verma Member, Administrator, Moderator, Domino Posts: 17 admin

    When you run echo $(/usr/libexec/java_home)/lib/security/, what result do you get? Can you cd to that location and run ls? You should be able to see the cacerts file.

    Once you are in the security folder where cacerts resides, you can run the command below. You will need to replace <*.YOUR_DOMAIN.com.cer> with the path and the name of the Allstate certificate:

    sudo keytool -keystore cacerts -importcert -alias domino_cer -file <*.YOUR_DOMAIN.com.cer>
    


  • pzieg Member Posts: 10

    When I run:

    MACHINE_NAME:~ pzieg$ $(/usr/libexec/java_home)/lib/security/
    -bash: [SHOWS ABOVE PATH]: No such file or directory
    

    Though the cacerts file exists here:

    MACHINE_NAME:~ pzieg$ ls $(/usr/libexec/java_home)/jre/lib/security
    blacklist		java.policy		trusted.libraries
    blacklisted.certs	java.security
    cacerts			policy
    

    I have successfully added the certificate here, though there's an issue when trying to make sure it's also in the Domino cacerts location; see my comment above.

  • pankhuri.verma Member, Administrator, Moderator, Domino Posts: 17 admin

    Have you been able to login now -

    domino login https://domino.allstate.com
    


  • pzieg Member Posts: 10

    No, please see my first comment on this thread, I still get the same error.

  • zach.ingraham Member, Administrator, Moderator, Domino Posts: 52 admin

    Hi Polly,

    Sorry you're having trouble getting into the CLI, the cert issues can be frustrating. If I understand correctly, you added the certs to the cacerts file in your default java directory, but that didn't fix the issue. That strongly implies your domino client isn't using the default Java. You also checked the Domino path for a dedicated Java/cacerts and didn't find anything there you can edit. Luckily, there are two relatively straightforward workarounds you can take from here.

    First, you can run:

    ➜ ~ domino --version
    Domino CLI Version: 3.6.12 (build a67acb8c-ffa9-4d27-8e8d-03b5978d945e)
    Running on Java Version: 1.8.0_181 by Oracle Corporation
    Running from path: /Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home/jre
    

    That will give you the path to the Java install Domino is using. You can then add the cert to the cacerts file for that installation of java.

    Second, if that doesn't work, you can actually just specify what cacerts file you want to use. You can copy one of the cacerts files that you've already added the certs to into a location of your choice, then add an option to the domino client's Java VM to use that cacert file instead of the one in its java install. You can do so by adding the following to the domino.vmoptions file located in your Domino install directory (which domino):

    -Djavax.net.ssl.trustStore=/path/to/your/custom/cacert

    If neither of those options work, then it might be quickest for us to hop on a call so we can troubleshoot real time, if you'd like to do that, you can put in a Support ticket (or we're happy to do so for you) following these directions: https://docs.dominodatalab.com/en/3.6/get_help/contact_support.html

    And if you do, please mention in the ticket that we were talking in Community, so we can make sure the engineer that grabs your case knows to look here for context.

    -Zach
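
As an added example (not part of the thread and not Domino's own tooling), this script applies the `domino --version` advice above: it reads the "Running from path" line, looks for cacerts in both directory layouts reported in this thread, and prints the keytool commands to review and then import the certificate. The function names, the script name, the certificate file name and the alias are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find the cacerts file of the JRE that the
# Domino CLI runs on and print the keytool commands to review and import a cert.

# Read `domino --version` output on stdin; print the "Running from path" value.
jre_path_from_version() {
  sed -n 's/^[[:space:]]*Running from path:[[:space:]]*//p' | head -n 1
}

# Print the first cacerts file found under a Java path. Both layouts reported
# in the thread are tried: <path>/lib/security and <path>/jre/lib/security.
find_cacerts() {
  for fc_candidate in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
    if [ -f "$fc_candidate" ]; then
      printf '%s\n' "$fc_candidate"
      return 0
    fi
  done
  return 1
}

# Args: version output, certificate file, alias. Prints commands, runs nothing,
# so the fingerprint shown by -printcert can be checked before the import.
import_plan() {
  ip_jre=$(printf '%s\n' "$1" | jre_path_from_version)
  if [ -z "$ip_jre" ]; then
    echo "no 'Running from path' line in version output" >&2
    return 2
  fi
  if ! ip_store=$(find_cacerts "$ip_jre"); then
    echo "no cacerts file under $ip_jre" >&2
    return 3
  fi
  printf 'keytool -printcert -file "%s"\n' "$2"
  printf 'sudo keytool -importcert -keystore "%s" -alias "%s" -file "%s"\n' \
    "$ip_store" "$3" "$2"
}

# Usage (hypothetical file name and alias): sh plan.sh corp-ca.cer domino_cer
if [ "$#" -eq 2 ]; then
  import_plan "$(domino --version)" "$1" "$2"
fi
```

Compare the fingerprint printed by `keytool -printcert` with the one your certificate administrator publishes before running the import line.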

  • james.riseman Member Posts: 1

    I'm having trouble with the Installer. When I try to run the downloaded .dmg file on my MacBook, I get the error that the launch path is not accessible. Any suggestions?


  • marc.heil Domino Posts: 1

    There is an additional error that can occur during import:

    According to the importcert documentation for keytool, that -cacerts option is indeed required to access the cacerts keystore
