Enable SSL connections to a Domino server

 


 

To configure the Common Mail and Common Calendar portlets to work over SSL, use the IBM Key Management Utility (ikeyman) supplied with IBM WebSphere Application Server (WAS) to exchange the IBM Lotus Domino SSL certificate with the WAS trust key stores.

The following procedure explains how to work with the certificates using the Internet Explorer browser. If you use another browser, refer to the browser documentation on certificates for detailed instructions on importing and exporting them.

  1. Enable SSL on the Domino server.

  2. Open Internet Explorer and type a URL for the Domino server using the HTTPS protocol, for example:

    https://yourserver.domain.com/names.nsf

  3. When prompted to accept a certificate, click View Certificate, and then select Install Certificate.

  4. In the Certificate Import Wizard, click Next, select Automatically select the Certificate Store based on the type of certificate, click Next, and then click Finish.

  5. Click OK twice, and then click Yes.

  6. In Internet Explorer, choose...

    Tools | Internet Options | Content | Certificates | Other People

  7. Select the certificate you imported, and then click Export.

  8. In the Certificate Export Wizard, select Base-64 encoded X.509 (.CER), click Next, specify a file name and location on the computer, and then click Finish.

  9. Close any open browser dialog boxes, and then exit Internet Explorer.

  10. Import the certificate into the default trust store in the Java Runtime Environment distributed with the Command Line Import Utility (CLIMP) by issuing the following command line from the app_server_root directory:

    java/jre/bin/keytool -import -file mycert.cer -keystore java/jre/lib/security/cacerts -alias CERTIFICATE_ALIAS -trustcacerts

  11. Enter changeit, the default keystore password, and then enter yes.

  12. Restart WebSphere Application Server.

  13. Start ikeyman, which is located in was_profile_root/bin, by executing ikeyman.

  14. Select Open a store, navigate to...

    app_server_root/java/jre/lib/security

    ...and then select the file type All Files.

  15. Select the file cacerts, click Open, and then enter the password changeit.

  16. Find the certificate you stored with the certificate alias you provided earlier.

  17. Extract the new self-signed certificate as a certificate file using Base64-encoded ASCII data as the data type. This saves the certificate to a file name you specify with the extension .arm.

  18. In ikeyman, open the file...

    was_profile_root/etc/DummyServertrustfile.jks

    The default password for this file is WebAS.

  19. Select Signer Certificates, and then click Add.

  20. Select Base64-encoded ASCII data as the data type, and then browse to the certificate file you saved.

  21. When prompted for a label, enter the same label value you entered when you created the certificate.

  22. Save the updated DummyServertrustfile.jks file, and then exit ikeyman.

  23. Restart WebSphere Application Server and WebSphere Portal.
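The procedure above trusts whichever certificate the browser was shown in step 3, and the same certificate then passes through two Base64 files (the .CER from step 8 and the .arm from step 17). The following added example, which is not part of the original IBM documentation, computes a fingerprint you can compare with one obtained from the Domino administrator before running step 10, and confirms that the .CER and .arm files hold the same certificate. The function names are hypothetical, and the sample data is a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def check_outer_sequence(der):
    """Reject data that is not one complete DER SEQUENCE (e.g. a truncated export)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length: next n bytes hold it
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length does not match file contents")

def pem_to_der(text):
    """Return the DER bytes of the single certificate in a Base64 .CER/.arm file."""
    blocks = PEM_RE.findall(text)
    if len(blocks) > 1:
        raise ValueError("file holds more than one certificate")
    # If the BEGIN/END armor is missing, treat the whole file as Base64.
    body = blocks[0] if blocks else text
    der = base64.b64decode("".join(body.split()), validate=True)
    check_outer_sequence(der)
    return der

def fingerprint(text, algo="sha256"):
    """Colon-separated upper-case hex digest of the certificate's DER encoding."""
    digest = hashlib.new(algo, pem_to_der(text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(text_a, text_b):
    # Compare decoded bytes, so line endings and wrap width do not matter.
    return pem_to_der(text_a) == pem_to_der(text_b)

def to_pem(der, width, newline):
    """Helper that builds sample file contents for this example only."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])

# Constructed placeholder bytes (a well-formed outer SEQUENCE, not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
CER_TEXT = to_pem(SAMPLE_DER, 64, "\r\n")   # stands in for the file from step 8
ARM_TEXT = to_pem(SAMPLE_DER, 76, "\n")     # stands in for the file from step 17

if __name__ == "__main__":
    print(fingerprint(CER_TEXT), same_certificate(CER_TEXT, ARM_TEXT))
```

To use it on real files, read mycert.cer and the .arm file as text and pass their contents to `fingerprint` and `same_certificate`.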

 
