This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


Sep 24, 2015, 6:17 PM
63 Posts

Adding SSL to existing Traveler server

  • Category: Notes Traveler
  • Platform: Windows
  • Release: 9.0.1
  • Replies: 6

This is a two-part question. I will link to the first question at the bottom because they are related, but I have given it its own thread.

Our Traveler server is currently running ND9.01.FP2HF384, Traveler version 9.0.1.0 Build 201411031536.  (I know I'm behind a few releases)

Right now we do not use SSL. (no lectures please)

I'm looking to upgrade to the latest version of Domino (9.0.1.4) and the latest version of Traveler (9.0.1.7) but because the iOS Verse client requires SSL, it's probably time we installed it on the server.

What are the ramifications to doing this with devices out there that connect using http?

Is there any way to push out the change to the devices or are they going to have to remove the installed Android client and reinstall?  What about the iOS devices?

 

This is the other thread.

http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=A02ADB18C820E19885257ECA00646216

 

Thanks

Sep 25, 2015, 12:18 AM
43 Posts
Are you going to redirect HTTP traffic to HTTPS?

As long as HTTP remains available, your existing devices should still be able to connect (also assuming no change to the existing Traveler FQDN). However, you should plan on gradually having them re-configured to connect using HTTPS. You do know how to generate a TLS certificate for your key ring, right?

Oh, if someone suddenly upgrades their device to iOS 9, then they would need to re-configure Traveler to use HTTPS, since Traveler would not work in iOS 9 unless you have TLS set up on your Traveler server.

Sep 25, 2015, 4:44 PM
63 Posts
I have users with iOS9 already

There are a number of users who have already upgraded their devices.  The current version of traveler is working although some have discovered calendar entries are missing, which is why my other thread is asking about upgrading.

And I don't know if I'd be redirecting http to https.

I don't know anything about SSL or TLS, hence the question.

Sep 27, 2015, 8:27 PM
11 Posts
Adding SSL to existing Traveler Server

iOS 9 requires that you have purchased an SHA-2 SSL certificate from a third-party CA, so to my knowledge you cannot use a Domino self-signed SHA-2 certificate.

In relation to setting up SSL/TLS for Traveler, the certificate request needs to be created using OpenSSL and the keyring created using the new Domino kyrtool. The keyring is then installed on your Traveler server. Please see the following Wiki document in relation to this topic.

http://www-10.lotus.com/ldd/dominowiki.nsf/dx/3rd_Party_SHA-2_with_OpenSSL_and_kyrtool

Please note if you Google Domino SSL, you will be directed to older technotes which advise using the Server certificate Admin database. These technotes are out of date as the Server certificate admin database cannot create or manage SHA-2 certificates.

I would suggest you open a PMR with the Domino support for assistance in relation to this task if you have never set up SSL before.

 

Graham.
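The OpenSSL half of the procedure described in the post above, as an added example that is not part of the original post or of IBM's documentation: it creates a private key and a SHA-256 certificate request, then checks the signature hash, the same check you would run on the certificate the CA returns before building the keyring with kyrtool. The host name `traveler.example.com`, the file names and the function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: create a key and SHA-256 CSR, then verify the signature hash.
# traveler.example.com and all file/function names are placeholders.

make_csr() {  # usage: make_csr <dir> <fqdn>
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null || return 1
    # -sha256 forces a SHA-2 signature on the request itself
    openssl req -new -sha256 -key "$1/server.key" \
        -subj "/CN=$2" -out "$1/server.csr"
}

sig_alg() {  # usage: sig_alg req|x509 <pem-file>
    # First "Signature Algorithm" line of the decoded request or certificate
    openssl "$1" -in "$2" -noout -text |
        awk -F': *' '/Signature Algorithm/ {print $2; exit}'
}

is_sha2() {  # usage: is_sha2 <algorithm-name>
    # Conservative: anything that does not name a SHA-2 hash is rejected
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *sha224*|*sha256*|*sha384*|*sha512*) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    make_csr "$dir" traveler.example.com || return 1
    alg=$(sig_alg req "$dir/server.csr")
    if is_sha2 "$alg"; then
        echo "OK: request signed with $alg"
    else
        echo "REJECT: request signed with $alg"
    fi
    rm -rf "$dir"
}

demo
```

For the certificate returned by the CA, run `sig_alg x509 <file>` on it and on each intermediate certificate before importing them into the keyring.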

Sep 28, 2015, 7:45 PM
63 Posts
Adding SSL to existing Traveler server

Thanks Graham.

Oct 3, 2015, 6:48 PM
1 Posts
Traveler behind reverse proxy with SSL

Some days ago I set up a freshly installed Traveler 9.0.1.7 on a freshly installed Domino 9.0.1 FP4 behind a reverse proxy (on port 1237, so https://sub.domain.com:1237/traveler) with a self-signed certificate and have tested the connection to an iPhone 5 with iOS 9. Everything works as expected, no issues with the certificate.

The only problem is that I can't connect via IBM Verse because this needs a valid SSL certificate.

So my question is regarding SSL. Is it enough that the reverse proxy gets a valid SSL certificate and Domino still runs on port 80? Does anyone know this?

 

Thanks in advance!

