Skip to main content link. Accesskey S
  • HCL Logo
  • HCL Notes and Domino wiki
  • THIS WIKI IS READ-ONLY. Individual names altered for privacy purposes.
  • HCL Forums and Blogs
  • Home
  • Product Documentation
  • Community Articles
  • Learning Center
  • API Documentation
Search
Community Articles > Lotus Domino > Domino security > Configuring SSL encryption for IBM Lotus Domino 8.5.1
  • Share Show Menu▼
  • Subscribe Show Menu▼

Recent articles by this author

IBM Lotus Notes 8.5.3 Traveler Upgrade Pack 1 in High-Availability configuration performance

This article reports the performance test results of a IBM Lotus Notes Traveler 8.5.3 Upgrade Pack 1 in High Availability (HA) configuration on Microsoft Windows 64-bit with both IBM DB2 in HA Disaster Recovery configuration and Microsoft SQL database with mirroring.

Configuring Microsoft Windows single sign-on for Web clients in an existing IBM Lotus Domino environment

This article is a simplified guide of the steps to configure Microsoft Windows Single Sign-on with IBM Lotus Domino. Using this guide, you can get your environment running in just a few minutes, even if you do not have in-depth knowledge of either the Trust Association Interceptor operation mode ...

Generating LTPA tokens using a Java servlet

This article describes the detailed steps to generate a Lightweight Third-Party Authentication (LTPA) token, using a JavaTM client running in an application server other than IBM® WebSphere® Portal.

Configuring SSL encryption for IBM Lotus Domino 8.5.1

This article provides the detailed steps on how to configure Secure Sockets Layer (SSL) encryption for IBM® Lotus® Domino® 8.5.1.

Comparing IBM Lotus Notes widgets with other widget types

This article introduces the often-confused concepts of widgets, Web widgets, Google Gadgets, iWidgets, and IBM® Lotus® Notes® widgets. Using some practical examples, we compare the differences and relationships among these five concepts, demonstrating the convenience offered by Notes ...
Community articleConfiguring SSL encryption for IBM Lotus Domino 8.5.1
Added by ~Fred Cistumipulings | Edited by ~Andy Xangeromanoden on June 7, 2013 | Version 5
  • Actions Show Menu▼
expanded Abstract
collapsed Abstract
This article provides the detailed steps on how to configure Secure Sockets Layer (SSL) encryption for IBM® Lotus® Domino® 8.5.1.
ShowTable of Contents
HideTable of Contents
  • 1 Data directories
  • 2 Implementing the SSL configuration on Lotus Domino
    • 2.1 Creating a key ring with a Self-Signed Certificate
    • 2.2 Setting up SSL ports in Lotus Domino
  • 3 Conclusion
  • 4 Resources
  • 5 About the authors

Data directories


The files discussed in this document can be found at the locations below, in a standard deployment. The default data directories for IBM® Lotus® Domino® are as follows:
Domino Data Directory
Microsoft® Windows®: C:/Program Files/IBM/Domino/data
Linux®: /local/notesdata

Notes Data Directory
Windows: C:/Program Files/IBM/Notes/data
Linux: ~/lotus/notes/data

Implementing the SSL configuration on Lotus Domino


This is a two-step process, as follows:

(1) Creating a key ring with a Self-Signed Certificate
(2) Setting up SSL ports in Lotus Domino

Creating a key ring with a Self-Signed Certificate


Open the Domino Server Certificate Administration database (CERTSRV.NSF). You can do this either by using a Domino Administrator Client or by using a Lotus Notes client:
  1. Install Lotus Notes (a Domino administration client can also be used) on a machine.
  2. Configure Lotus Notes to allow the client to edit the remote file:
a) Create a copy of the admin.id file located in the Domino Data Directory on the remote machine.
b) Rename this file as <servername>_admin.id, and copy it to the Notes Data Directory on the local machine.
c) Launch Lotus Notes and log in, using the <servername>_ admin.id.
d) Select 'Other..." from the User name drop-down menu (see figure 1).

Figure 1. User name drop-down menu



e) In the Choose User ID to Switch To window, select the <servername>_admin.id, using the file browser (see figure 2). Click Open.

Figure 2. <servername>_admin.id



f) Enter the Domino administrator password and click Log In.

3. Optional: Create a Location document for each server you connect to. Note that you don't need to do this step, but it simplifies the process of working with users in the server's names.nsf, for example, when updating the ACL of a database:


a) Create a new Location doc by clicking the Up arrow beside the current location, which is on the bottom right-hand corner of your Notes client.
b) On the pop-up menu, click "Edit locations," and make a copy of the current location, changing the name and the servers on the Servers tab; click Save.
c) Then switch to that location by clicking the Up arrow again and then clicking on the new location.

4. Open the remote file, CERTSRV.NSF, using the Notes menu options File – Open – Lotus Notes Application (see figure 3).

Figure 3. Open a Lotus Notes Application



5. Enter the fully qualified path to the remote server and the name of the file you wish to edit; click Open (see figure 4).

Figure 4. Open Application window



6. Open the Server Certificate Administration window and click the Create Key Ring with Self-Certified Certificate button (see figure 5).

******************************************

WARNING: If you do this, you will have a SSL certificate that will not be accepted by most current browsers, as it will not be signed by a Certificate Authority and it will have a key size of 512 bytes.  There is a reason this link is labeled "for testing only".   It cannot be used on a server for SSL connections.   

At this time, please go to the the technote at the following URL to create an SSL certificate that can be used on a server.   
http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21114148

****************************************


Figure 5. Server Certificate Administration window



7. In the Key Ring Information and Distinguished Name sections, fill in the fields as indicated by the red arrows in figure 6, click “Create Key Ring with Self-Signed Certificate”, and click OK.

Figure 6. Key Ring Information and Distinguished Name sections



The “Key ring created with self signed certificate” window displays, confirming the data you entered in the previous step (see figure 7).

Figure 7. “Key ring created with self signed certificate” window



8. This creates the key ring in the Notes Data directory in your local file system (see figure 8); now copy the .sth and .kyr files to your Domino Data directory.
Figure 8. sth and .kyr files in Notes Data directory


Setting up SSL ports in Lotus Domino

  1. Open the remote file, names.nsf, using File – Open – Lotus Notes Application.
  2. Enter the fully qualified path to the remote server and the name of the file you wish to edit; click Open (see figure 9).

Figure 9. Open Application window



3. Click the Configuration tab, select Server – All Server Documents, and open the Server document (see figure 10).

Figure 10. Open Server doc



4. Select the Ports – Internet Ports tabs (see figure 11).

Figure 11. Internet Port tab



5. In the SSL settings section, edit the fields as shown in figure 12; click Save.

Figure 12. SSL settings section



Conclusion


You should now be able to successfully configure SSL encryption for Lotus Domino 8.5.1.

Resources

  • Refer to the developerWorks Lotus Sametime product page.
  • Refer to the Lotus Sametime wiki Product Documentation tab.

About the authors


Desmond McCann is a Chartered Engineer working on the Sametime Verification Test team at IBM's Mulhuddart, Ireland, facility. He has been with IBM since 2010, focusing on integration and interoperability across Lotus Sametime products.

John Doody is a Software Engineer working on the Sametime Verification Test team at IBM's Mulhuddart, Ireland, facility. He has been with IBM since 2009, focusing on integration and interoperability across Lotus Sametime products.

  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (1)
collapsed Versions (1)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (5)Jun 7, 2013, 8:19:42 PM~Andy Xangeromanoden  
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedAbout
  • HCL Software
  • HCL Digital Solutions community
  • HCL Software support
  • BlogsDigital Solutions blog
  • Community LinkHCL Software forums and blogs
  • About HCL Software
  • Privacy
  • Accessibility