Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows
Enable SSL connections to a Domino server
To configure the Common Mail and Common Calendar portlets to work over SSL, you use the IBM Key Management Utility (IKeyMan) supplied by IBM® WebSphere® Application Server to exchange the IBM Lotus® Domino® SSL certificate with the WebSphere Application Server trust key stores.
The following procedure explains how to work with the certificates using the Internet Explorer browser. If you use another browser, refer to your browser documentation on certificates for detailed instructions on importing and exporting them.
- Enable SSL on the Domino server. For information, see Setting up SSL on a Domino server in Domino Administration Help.
- Open Internet Explorer and type a URL for the Domino server using the HTTPS protocol, for example, https://yourserver.domain.com/names.nsf.
- When prompted to accept a certificate, click View Certificate, and then select Install Certificate.
- In the Certificate Import Wizard, click Next, select Automatically select the Certificate Store based on the type of certificate, click Next, and then click Finish.
- Click OK twice, and then click Yes.
- In Internet Explorer, choose Tools > Internet Options, click Content, click Certificates, and then click Other People.
- Select the certificate you imported, and then click Export.
- In the Certificate Export Wizard, select Base-64 encoded X.509 (.CER), click Next, specify a file name and location on your computer, and then click Finish.
- Close any open browser dialog boxes, and then exit Internet Explorer.
- Import the certificate into the default trust store in the Java Runtime Environment (JRE) distributed with the Command Line Import Utility (CLIMP) by issuing the following command line from the app_server_root directory (type the following value as a continuous string with no return characters):
java/jre/bin/keytool -import -file
mycert.cer -keystore
java/jre/lib/security/cacerts
-alias CERTIFICATE_ALIAS -trustcacerts- Enter changeit, the default keystore password, and then enter yes.
- Restart WebSphere Application Server.
- Start IKeyMan, which is located in was_profile_root/bin, by issuing the ikeyman.exe or ikeyman.sh command from the command line (depending on your operating system).
- Select Open a store, navigate to app_server_root/java/jre/lib/security, and then select the file type All Files.
- Select the file cacerts, click Open, and then enter the password changeit.
- Find the certificate you stored with the certificate alias you provided in Step 10.
- Extract the new self-signed certificate as a certificate file using Base64-encoded ASCII data as the data type. This saves the certificate to a file name you specify with the extension .arm.
- In IKeyMan, open the file was_profile_root/etc/DummyServertrustfile.jks. The default password for this file is WebAS.
- Select Signer Certificates, and then click Add.
- Select Base64-encoded ASCII data as the data type, and then browse to the certificate file you saved.
- When prompted for a label, enter the same label value you entered when you created the certificate.
- Save the updated DummyServertrustfile.jks file, and then exit IKeyMan.
- Restart WebSphere Application Server and WebSphere Portal Express.
For detailed information about setting up Domino Directory over SSL, see Setting up LDAP over SSL with Domino Directory.
Parent topic:
Using the Common PIM portlets with Domino
Previous topic
Setting up the Common PIM portlets and Lotus Domino to work together
Next topic
Enabling a third-party authentication server to work with the Common PIM portletsRelated information
Setting up LDAP over SSL with Domino Directory