HCL Notes and Domino wiki: Lotus Protector for Mail Security: Changing the SSL certificate used by the end user interface

Changing the SSL certificate used by the end user interface

Added by ~Jennifer Prehipichekoden | Edited by ~Jennifer Prehipichekoden on February 13, 2014 | Version 3

Actions ▼

In the default configuration Lotus Protector for Mail Security uses a self signed certificate for the end user interface. This article explains how to change the certificate.

Tags: lpms, protector, lotus_protector

Lotus Protector for Mail Security optionally uses a end user interface for users to access their quarantined spam. This website is also used for integration with the Lotus Notes client.

In the default configuration the quarantaine ist configured for this URL: https://$(HOSTNAME):4443

Tip: Do not confuse this with the web administration iterface that runs on Port 443 on the same host.

LPMS offers an option to upload a TLS certificate but this is used by SMTP only. To change the SSL-Certificate you have to log in using SSH as root

The certificates are stored in two locations.

The certificate is stored in /etc/apache2/ssl.crt

The key is stored in /etc/apache2/ssl.key

You can register your own new certificate and key with any Certificate Authority and upload the two files to the two directories. It is a best practice to use a new filename and not overwrite the existing files.

To configure Apache2 to use the new files, edit the file /etc/apache2/vhosts.d/mailsec_vhosts.conf

Finally run "/etc/init.d/apache2 restart" to restart the webserver and reload the configuration.

Tip: In case Apache2 does not already support your Certificate Authority, you can add your CA's certificate by adding this setting to mailsec_vhosts.conf:

SSLCertificateChainFile= /etc/apache2/ssl.crt/ca.pem

Consult your Certificate Authority for more detailed information regarding their certificate key chain. See this site as an example: http://www.startssl.com/?app=21