HCL Notes and Domino wiki: Domino admin: Setting up Secure Sockets Layer on Domino Server

Setting up Secure Sockets Layer on Domino Server

Added by ~Fritz Elkroverflar on November 2, 2015 | Version 1

Actions ▼

following these steps that completes Secure Sockets Layer (SSL) configuration for the Domino server. Once configured, the Domino server will be able to respond to request that are made over HTTPS and HTTP. This is necessary for Connections mail to be able to load in the Connections page and for the gadgets to be able to connect from the Notes client back to the Connections server

Tags: SSL

Description:
Enabling SSL is a three step process:
1. Create the Key Ring with a Self Signed Certificate
2. Copy the Key Ring and Stash file to the data directory
3. Configure SSL on the server

CREATE THE KEY RING WITH A SELF SIGNED CERTIFICATE
Step 1 If not already running, open the Admin client by clicking on the IBM Domino Admin shortcut on
the desktop. Enter in the password for Domino Admin which is apassw0rd.

Step 2 Click on the menu item File-->Application-->Open and choose domino/demos as the server
and choose Server Certificate Admin as the application to open.

Step 3 Since this is a training environment we will not purchase a Trusted Root Certificate from a third
party provider and we will not install that into the Key Ring for our server. What we will do is
create a key ring and install a self signed certificate. Close the About document. Click on the
Create Key Ring with Self Signed-Certificate.

Step 4 Fill out the form as follows: use passw0rd for the key ring password. The Common Name is
domino.demos.ibm.com and the Organization is demos. Use WORK for the State and XX
for the Country.

Step 5 Click the Create Key Ring with Self-signed Certificate button at the bottom.

Step 6 The next window you should see is the confirmation that the keyring has been created. Now
click OK.

Step 7 Using Windows File Explorer, navigate to the c:\Program Files(x86)\IBM\Notes\data directory
and copy the two files selfcert.kyr and selfcert.sth .

Step 8 Now browse to the Domino data directory located at c:\Program Files\IBM\Domino\data and
paste the files into that directory. Close file explorer when done.

Step 9 Now click the Demos-Domain tab and the select Configuration-->Server and open the server
document. Click on the Ports tab.

Step 10 Click on the Internet Ports tab and click on Edit Server. Change the field SSL Key File name
to selfcert.kyr. Then at the bottom of the page find the SSL port status field and set that to
enabled. Then click Save and Close.

Step 11 Open the Domino console and issue the command restart server. The server will pick up the
changes on restart.

At this point, SSL has been configured so that the Domino server can use encryption for http sessions between
itself and all clients.

Caustions:
Applying the FP3 for domino 9 to support SSL3.0 or TLS, if not the latest version broswers(Chrome,firefox) can not access the website of domino which enabled SSL using this method.