Home

 

Forcing traffic to be sent over SSL

You can configure Lotus Connections to force all traffic that passes between a Lotus Connections server and a user's Web browser to be sent over the Secure Socket Layer (SSL).


Be sure that SSL is enabled in your environment before you perform this procedure. See Configuring the IBM HTTP Server for SSL in the Installing section of the Lotus Connections information center for more information.

To edit configuration files, use the wsadmin client. See Start the wsadmin client for details.


To force traffic to be sent over SSL...

  1. Use the wsadmin client to access and check out the Lotus Connections configuration files.

    1. Access the Lotus Connections configuration file:

      • Stand-alone deployment: execfile("connectionsConfig.py")

      • Network deployment: execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/connectionsConfig.py")If you are prompted to specify which server to connect to, type 1.

        This information is not used by the wsadmin client when you are making configuration changes.

    2. Check out the Lotus Connections configuration files...

      LCConfigService.checkOutConfig("<working_directory>","cell_name") where:

      • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

      • cell_name is the name of the WebSphere Application Server cell hosting the Lotus Connections feature. This argument is required even in stand-alone deployments. This argument is also case-sensitive, so type it with care. If you do not know the cell name, do one of the following to determine it:

        • Stand-alone deployment: From the file system... 

            WAS_HOME\profiles\profile_name\config\cells\

      • Network deployment: Type the following command while in the wsadmin command processor: 

          print AdminControl.getCell()

      For example:

      • AIX/Linux: 

          LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")

    3. Microsoft Windows: 

        LCConfigService.checkOutConfig("c:/temp","foo01Cell01")

  2. Enter the following command: 

      LCConfigService.updateConfig("force.conf.comm.enabled", "true")

  3. After making changes, check the configuration files back in and do so during the same wsadmin session in which you checked them out for the changes to take effect. See Applying common configuration property changes for information about how to save and apply your changes.

  4. Optional: To secure session cookies...

    1. Log in to the WAS admin console of the server hosting your Lotus Connections features as the administrator.

    2. Select Servers > Application servers.

    3. Click the server hosting Lotus Connections from the list of server names.

    4. Click Session Management, and then click Enable cookies.

    5. Select the Restrict cookies to HTTPS sessions check box.

    6. Click Apply, and then click OK.

  5. Optional: To secure LTPA tokens...

    1. From the WAS admin console, expand Security, and then click Secure administration, applications and infrastructure.

    2. Expand Web security, and then click single sign-on (SSO).

    3. Select the Requires SSL check box.

    4. Click Apply, and then click OK.


Perform some additional steps to force Files and Wikis API calls to be sent over HTTPS. See Forcing Files and Wikis authenticated API traffic to be sent over HTTPS for more details.


Security

Securing access to external feeds

 

Related tasks

Change common configuration property values

Start the wsadmin client

Apply common configuration property changes

Configure IBM HTTP Server for SSL

Securing cookies

Enable users to publish file attachments to Lotus Quickr

Forcing Files and Wikis authenticated API traffic to be sent over HTTPS

Authenticating requests

+

Search Tips   |   Advanced Search