Domino AppDevPack 1.0.12: IAM service fails to start, Proton key format error



Created the certificates following the tutorial: https://classroom.google.com/c/MTEzNTE1MDAxNDc4/a/MTE1NDA5MjkzOTM3/details

openssl genrsa -aes256 -out iamserver.key 2048
openssl req -new -out iamserver.csr -key iamserver.key -nodes -config iamserver.cnf
result file of iamserver.cnf
Country Name (2 letter code) []:TW
State or Province Name (full name) []:New Taipei City
Locality Name (eg, city) []:Linkou
Organization Name (eg, company) []:Org
Common Name (e.g. fully qualified host name) []:iamserver.org.com
openssl x509 -passin pass:rootPassword -req -days 3650 -in iamserver.csr -CA ca.crt -CAkey ca.key -out iamserver.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile ssl-extensions-509.cnf

Create a file named clientauth.txt, put the following statement in it, then save and exit: extendedKeyUsage = clientAuth

openssl x509 -passin pass:rootPassword -req -days 3650 -in iamapp.csr -CA ca.crt -CAkey ca.key -out iamapp.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile clientauth.txt
openssl x509 -in iamapp.crt -text -noout -certopt no_pubkey,no_sigdump

openssl x509 -passin pass:rootPassword -req -days 3650 -in iamapp.csr -CA ca.crt -CAkey ca.key -out iamapp.crt -CAcreateserial -CAserial ca.seq -sha256 -extfile clientauth.txt
Certificate request self-signature ok
subject=O = Org, CN = IAMAccessor
C:\domino-iam-service>npm start setup
> domino-iam-service@2.2.0 start
> cross-env NODE_ENV=production node iam-server.js "setup"
WARNING: NODE_ENV value of 'production' did not match any deployment config file names.
WARNING: See https://github.com/lorenwest/node-config/wiki/Strict-Mode
[13:04:44][info][configStore][master]: No configurations found in configuration directory
Welcome to IAM Setup
? Choose setup mode Production.
-------------------------
? IAM Admin username: admin
? Enter IAM Admin password: ********
? Enter IAM Admin password again: ********
Admin password is set successfully
? Enter IAM server password: ********
? Enter IAM server password again: *******Password Not Match!
? Enter IAM server password again: ********
Server password is set successfully
------------------------
About to config The URL of the issuer.
? IAM Service ISSUER: https://iamserver.org.com:9443/
Following configuration have been input for The URL of the issuer --
issuer - https://iamserver.org.com:9443/
? Confirm? Yes

------------------------
About to config Address Settings.
? IAM service's host(leave as '[default]' to accept the request from all network interfaces):
? IAM service's port: 9443
? ADMIN service's host(leave as '[default]' to accept the request from all network interfaces):
? ADMIN service's port: 8443
Following configuration have been input for Address Settings --
IAM service's host - [default]
IAM service's port - 9443
ADMIN service's host - [default]
ADMIN service's port - 8443
? Confirm? Yes

------------------------
About to config SSL Settings.
? IAM server's SSL key file path (relative to 'config/certs' folder): config/certs/iamserver.key
? Server's SSL key password: **********
? Server's SSL cert file path (relative to 'config/certs' folder): config/certs/iamserver.crt
Following configuration have been input for SSL Settings --
IAM server's SSL key file path - config/certs/iamserver.key
Server's SSL key password - ***
Server's SSL cert file path - config/certs/iamserver.crt
? Confirm? Yes

------------------------
About to config Storage Settings.
? Hostname of the Domino server: serv.org.com
? Domino's Proton service port: 3002
? IAM's storage nsf file path, a relative path to Domino data path: iam-store.nsf
? IAM's Proton client cert key file path (relative to 'config/certs' folder): config/certs/iamapp.key
>> Only RSA key is support for proton!
At the backend, with the following error:
> load certmgr -d
[1B3C:0002-006C] CertMgrDebug: Starting CertMgrClientModeAndSetup
[1B3C:0002-006C] CertMgrDebug: CertMgr Server in Global Config: [CN=Serv/O=Org]
[1B3C:0002-006C] CertMgrDebug: Ensure CertMgr [CN=Serv/O=Org] is set in Domino Directory
[1B3C:0002-006C] CertMgrDebug: Domino Directory Admin-Server: [CN=Serv/O=Org]
[1B3C:0002-006C] CertMgrDebug: Yes we are the admin server and Domino Directory was requested
[1B3C:0002-006C] CertMgrDebug: Access-Level Domino Directory: 6
[1B3C:0002-006C] CertMgrDebug: CertMgr server already set in Domino Directory [CN=Serv/O=Org]
[1B3C:0002-006C] 2022/07/13 下午 12:58:10  CertMgr: Certificate Manager started
[0518:0005-0A4C] 2022/07/13 下午 12:58:15.07 PROTON> SessionCache::prune: enter
[0518:0005-0A4C] 2022/07/13 下午 12:58:15.07 PROTON> SessionCache::prune: exit
[06A8:0002-07E0] 2022/07/13 下午 12:58:30  AMgr: Error executing agent 'DeleteExpiredDocs' in 'iam-store.nsf'. Agent signer 'Domino Template Development/Domino': You are not authorized to perform that operation
[0518:0005-0A4C] 2022/07/13 下午 12:58:30.27 PROTON> SessionCache::prune: enter
[0518:0005-0A4C] 2022/07/13 下午 12:58:30.27 PROTON> SessionCache::prune: exit
[1B3C:0004-057C] Clearing DBIID F9618430 for DB C:HCLDominoDatacertstore.ORIG
[1B3C:0004-057C] CertMgrDebug: Formula: [(FORM = {DnsProvider}) & (STATUS != {0})]
[1B3C:0004-057C] CertMgrDebug: Formula entries found: 0
[1B3C:0004-057C] CertMgrDebug: DNS provider entries found: 0
[1B3C:0004-057C] CertMgrDebug: DNS provider entries updated: 0
[1B3C:0004-057C] 2022/07/13 下午 12:58:42  Recovery Manager: Assigning new DBIID for C:HCLDominoDatacertstore.nsf (need new backup for media recovery).
[1B3C:0004-057C] CertMgrDebug: Item[Status] []: 0
[1B3C:0004-057C] 2022/07/13 下午 12:58:42  CertStore: Database compacted [certstore.nsf] - 0 percent recovered
[1B3C:0004-057C] CertMgrDebug: Formula: [( (FORM = {KeyFile}) & ((STATUS = {O}:{S}) | ((STATUS = {I}) & (@Now > CertNextRenewTimedate))) )| ( (FORM = {Certifier}) & (STATUS = {O}) )]
[1B3C:0004-057C] CertMgrDebug: Formula entries found: 0
[1B3C:0004-057C] CertMgrDebug: Formula: [(FORM = {KeyFile}) & (STATUS != {})]
[1B3C:0004-057C] CertMgrDebug: Formula entries found: 0
[1B3C:0004-057C] CertMgrDebug: Health-Check did not find any document
[1B3C:0004-057C] CertMgrDebug: Formula: [(FORM = {ArchiveKeyFile}) & (@Adjust(@Now;0;0;-30;0;0;0) > CertExpires)]
[1B3C:0004-057C] CertMgrDebug: Formula entries found: 0
[1B3C:0004-057C] CertMgrDebug: Formula: [(FORM = {ArchiveKeyFile}) & (StatusKeyfile != 4) &(@Now > CertExpires)]
[1B3C:0004-057C] CertMgrDebug: Formula entries found: 0
[1B3C:0004-057C] 2022/07/13 下午 12:58:42  CertMgr: Active DNS providers: 0
[1B3C:0004-057C] 2022/07/13 下午 12:58:42  CertMgr: Root CA Certificate File: [C:HCLDominoDatacacert.pem]
[0518:0005-0A4C] 2022/07/13 下午 12:58:45.49 PROTON> SessionCache::prune: enter
[0FA4:0002-02E4] 2022/07/13 下午 01:11:02  Directory Cataloger error processing  in database entitlements.nsf: 02:1B
[0B74:005C-1944] 2022/07/13 下午 01:11:05  Integrity check failed for ID Vault O=serv-org-vault: No Policy Settings found that use vault /serv-org-vault: Invalid or nonexistent document
[0B74:005D-1A44] 2022/07/13 下午 01:11:05  Integrity check failed for ID Vault O=serv_org_vault: No Policy Settings found that use vault /serv_org_vault: Invalid or nonexistent document
[0B74:005B-1168] 2022/07/13 下午 01:11:05  Integrity check failed for ID Vault O=serg_vault: No certifiers found that trust vault /serg_vault: Invalid or nonexistent document
[0B74:005B-1168] 2022/07/13 下午 01:11:05  Integrity check failed for ID Vault O=serg_vault: No certifiers that trust vault /serg_vault trust any password resetters: Invalid or nonexistent document
[0B74:005B-1168] 2022/07/13 下午 01:11:05  Integrity check failed for ID Vault O=serg_vault: No Policy Settings found that use vault /serg_vault: Invalid or nonexistent document

On the Domino server, I get 3 error messages:

  1) CertStore: LDAP: Cannot find TLS Credential for [server1.kyr] (RSA: 1, ECDSA: 1) : Entry not found in index

  2) Invalid cipher(s) seen for server CN=Serv/O=Org

  3) AMgr: Error executing agent 'DeleteExpiredDocs' in 'iam-store.nsf'. Agent signer 'Domino Template Development/Domino': You are not authorized to perform that operation
    

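    3 - OK, going from the bottom up: AMgr: Error executing agent 'DeleteExpiredDocs'. You either need to allow the HCL software signer to run in your environment, or sign the database with a signer that is allowed to run code in your environment.

    2 - I need more context on what this error is… is it related to error 1?

    1 - This tells me that CertMgr is trying to provide a certificate for your LDAP connection, but you don't have a certificate in CertMgr. I'll have to check internally, but I'm not sure this is a blocking error.

    Can you try using LDAP without TLS?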
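
The setup session in the question stops at `>> Only RSA key is support for proton!` when given `iamapp.key`. The following is an added example, not code from this thread or from HCL: it reports which PEM container and key algorithm a key file actually holds, which is the first thing to check against that message. Which RSA containers the IAM setup accepts is not stated on this page; the function names and the sample-key builder are hypothetical.

```python
import base64
import re
# DER-encoded OID bodies found in a PKCS#8 AlgorithmIdentifier.
OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",  # 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce3d0201"): "EC",       # 1.2.840.10045.2.1
}
LEGACY = {"RSA PRIVATE KEY": ("PKCS#1", "RSA"), "EC PRIVATE KEY": ("SEC1", "EC")}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def pkcs8_algorithm(der):
    """Read the key algorithm from an unencrypted PKCS#8 PrivateKeyInfo."""
    _, seq_start, _ = read_tlv(der, 0)            # outer SEQUENCE
    _, _, ver_end = read_tlv(der, seq_start)      # version INTEGER
    _, alg_start, _ = read_tlv(der, ver_end)      # AlgorithmIdentifier
    _, oid_start, oid_end = read_tlv(der, alg_start)
    return OIDS.get(der[oid_start:oid_end], "unknown")

def classify_pem_key(text):
    """Return (container, algorithm, encrypted) for the first PEM block."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    if label in LEGACY:  # traditional format flags encryption in a PEM header
        return LEGACY[label] + ("Proc-Type: 4,ENCRYPTED" in body,)
    if label == "ENCRYPTED PRIVATE KEY":
        return ("PKCS#8", "hidden until decrypted", True)
    if label == "PRIVATE KEY":
        return ("PKCS#8", pkcs8_algorithm(base64.b64decode(body)), False)
    raise ValueError("not a private key block: " + label)

def constructed_pkcs8(oid_hex):
    """Constructed sample: PKCS#8 framing around 4 dummy bytes, not a real key."""
    oid = bytes.fromhex(oid_hex)
    alg = bytes([0x06, len(oid)]) + oid + b"\x05\x00"
    body = b"\x02\x01\x00" + bytes([0x30, len(alg)]) + alg + b"\x04\x04" + bytes(4)
    b64 = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN PRIVATE KEY-----\n{b64}\n-----END PRIVATE KEY-----\n"
```

Pass the text of `iamapp.key` and `iamserver.key` to `classify_pem_key`. OpenSSL 3.x `genrsa` writes PKCS#8 unless `-traditional` is given, so an RSA key can carry a `BEGIN PRIVATE KEY` or `BEGIN ENCRYPTED PRIVATE KEY` header rather than `BEGIN RSA PRIVATE KEY`.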
