Home

 

Disabling SSL

If your network does not need it, you can configure Lotus Connections data to be sent over HTTP instead of secure HTTP.

This is not a required procedure. Only perform this if you feel that your network is secure enough that the traffic can be sent over HTTP.

To edit configuration files, use wsadmin. See Start the wsadmin client for details.

To disable SSL...

1. Update the LotusConnections-config.xml file to disable SSL for each of the features.

   1. Access the Lotus Connections configuration file:

      • Stand-alone deployment: execfile("connectionsConfig.py")

      • Network deployment: execfile("WAS_HOME/profiles/Dmgr01/config/bin_lc_admin/connectionsConfig.py")If you are prompted to specify which server to connect to, type 1.

        This information is not used by wsadmin when you are making configuration changes.

   2. Check out the Lotus Connections configuration files...

      LCConfigService.checkOutConfig("<working_directory>","cell_name") where:

      • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

      • cell_name is the name of the WebSphere Application Server cell hosting the Lotus Connections feature. This argument is required even in stand-alone deployments. This argument is also case-sensitive, so type it with care. If you do not know the cell name, do one of the following to determine it:

        • Stand-alone deployment: From the file system...

          WAS_HOME\profiles\profile_name\config\cells\
          

      • Network deployment: From wsadmin...

        print AdminControl.getCell()
        

      For example:

      • AIX/Linux:

        LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
        

   3. Microsoft Windows:

      LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
      

   4. Use the following commands to change the values of the properties from true to false:

      LCConfigService.updateConfig("activities.ssl.enabled","false") LCConfigService.updateConfig("blogs.ssl.enabled","false") LCConfigService.updateConfig("communities.ssl.enabled","false") LCConfigService.updateConfig("dogear.ssl.enabled","false") LCConfigService.updateConfig("files.ssl.enabled","false") LCConfigService.updateConfig("mobile.ssl.enabled","false") LCConfigService.updateConfig("news.ssl.enabled","false") LCConfigService.updateConfig("personTag.ssl.enabled","false") LCConfigService.updateConfig("profiles.ssl.enabled","false") LCConfigService.updateConfig("quickr.ssl.enabled","false") LCConfigService.updateConfig("search.ssl.enabled","false") LCConfigService.updateConfig("wikis.ssl.enabled","false")
      

      Do not set the value of the homepage.ssl.enabled property to false.

   5. After making changes, check the configuration file back in and do so during the same wsadmin session in which you checked them out for the changes to take effect. See Applying common configuration property changes for information about how to save and apply your changes.

2. Update the login page to send the credentials through port 80 (HTTP) instead of 443 (HTTPS) by changing two copies of the web.xml file for each feature.

3. Make a backup copy of the web.xml files. There are two copies that update and they are stored in the following directories:

   • <app_server_root>/profiles/<profileName>/config/cells/<cellName>/applications/<featureEAR>/deployments/<featureName>/<featureWAR>/WEB-INF

   • <app_server_root>/profiles/<profileName>/installedApps/<cellName>/<featureEAR>/<featureWAR>/WEB-INF

   where you specify values for the following variables:

   Feature EAR and WAR file information

   <featureName>	<featureEAR>	<featureWAR>
   Activities	Activities.ear	oawebui.war
   Blogs	Blogs.ear	blogs.war
   Bookmarks	Dogear.ear	dogear.webui.war
   Communities	Communities.ear	comm.web.war
   Home page	Homepage.ear	dboard.war
   Mobile	Mobile.ear	Connections_Mobile_Server.war
   News	News.ear	news.web.war
   Profiles	profiles.ear	peoplepages.war
   Search	search.ear	search.war

4. Open the web.xml file in a text editor, and then change the content of the <transport-guarantee> element from CONFIDENTIAL to NONE. For example:

   <user-data-constraint>
     <transport-guarantee>NONE</transport-guarantee>
   </user-data-constraint>
   

5. Save and close the file. Make the same change to the web.xml file for each feature. Be sure to make backup copies in case something goes wrong, so you can revert to the backup.

   You do not need to edit the web.xml files associated with the Files and Wikis features.

6. If you edited the httpd.conf file, which is the configuration file for the IBM HTTP Server, make sure there are no redirects specified which send requests over SSL.

7. Restart the WebSphere Application Server.

8. Refresh your browser cache.

The changes you made here are not retained when you upgrade to a later version of Lotus Connections. You must perform this procedure again to disable SSL in the subsequent version.

Security

---

+

Search Tips   |   Advanced Search