Data directories
The files discussed in this document can be found at the locations below, in a standard deployment. The default data directories for IBM® Lotus® Domino® are as follows:
Domino Data Directory
Microsoft® Windows®: C:/Program Files/IBM/Domino/data
Linux®: /local/notesdata
Notes Data Directory
Windows: C:/Program Files/IBM/Notes/data
Linux: ~/lotus/notes/data
Implementing the SSL configuration on Lotus Domino
This is a two-step process, as follows:
(1) Creating a key ring with a Self-Signed Certificate
(2) Setting up SSL ports in Lotus Domino
Creating a key ring with a Self-Signed Certificate
Open the Domino Server Certificate Administration database (CERTSRV.NSF). You can do this either by using a Domino Administrator Client or by using a Lotus Notes client:
1. Install Lotus Notes (a Domino administration client can also be used) on a machine.
2. Configure Lotus Notes to allow the client to edit the remote file:
a) Create a copy of the admin.id file located in the Domino Data Directory on the remote machine.
b) Rename this file as <servername>_admin.id, and copy it to the Notes Data Directory on the local machine.
c) Launch Lotus Notes and log in, using the <servername>_admin.id.
d) Select "Other..." from the User name drop-down menu (see figure 1).
Figure 1. User name drop-down menu

e) In the Choose User ID to Switch To window, select the <servername>_admin.id, using the file browser (see figure 2). Click Open.
Figure 2. <servername>_admin.id

f) Enter the Domino administrator password and click Log In.
3. Optional: Create a Location document for each server you connect to. Note that you don't need to do this step, but it simplifies the process of working with users in the server's names.nsf, for example, when updating the ACL of a database:
a) Create a new Location doc by clicking the Up arrow beside the current location, which is on the bottom right-hand corner of your Notes client.
b) On the pop-up menu, click "Edit locations," and make a copy of the current location, changing the name and the servers on the Servers tab; click Save.
c) Then switch to that location by clicking the Up arrow again and then clicking on the new location.
4. Open the remote file, CERTSRV.NSF, using the Notes menu options File – Open – Lotus Notes Application (see figure 3).
Figure 3. Open a Lotus Notes Application

5. Enter the fully qualified path to the remote server and the name of the file you wish to edit; click Open (see figure 4).
Figure 4. Open Application window

6. Open the Server Certificate Administration window and click the Create Key Ring with Self-Certified Certificate button (see figure 5).
******************************************
WARNING: If you do this, you will have an SSL certificate that will not be accepted by most current browsers, as it will not be signed by a Certificate Authority and it will have a key size of 512 bytes. There is a reason this link is labeled "for testing only". It cannot be used on a server for SSL connections.
At this time, please go to the technote at the following URL to create an SSL certificate that can be used on a server.
http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21114148
****************************************
Figure 5. Server Certificate Administration window

7. In the Key Ring Information and Distinguished Name sections, fill in the fields as indicated by the red arrows in figure 6, click “Create Key Ring with Self-Signed Certificate”, and click OK.
Figure 6. Key Ring Information and Distinguished Name sections

The “Key ring created with self signed certificate” window displays, confirming the data you entered in the previous step (see figure 7).
Figure 7. “Key ring created with self signed certificate” window

8. This creates the key ring in the Notes Data directory in your local file system (see figure 8); now copy the .sth and .kyr files to your Domino Data directory.
Figure 8. .sth and .kyr files in Notes Data directory
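A way to carry out and verify the copy in step 8 on a Linux server, as an added example that is not part of the original article. The .sth stash file holds the key ring password, so the script refuses to install half a pair and treats any group or other permission bits on either file as a finding. The function names and the permission policy are this example's assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# install_keyring SRC_DIR DST_DIR NAME
# Copies NAME.kyr and NAME.sth as a pair; refuses if either source is absent.
install_keyring() {
    src=$1 dst=$2 name=$3
    for ext in kyr sth; do
        [ -s "$src/$name.$ext" ] || { echo "missing $src/$name.$ext" >&2; return 1; }
    done
    for ext in kyr sth; do
        cp "$src/$name.$ext" "$dst/$name.$ext" &&
        chmod 600 "$dst/$name.$ext" &&
        cmp -s "$src/$name.$ext" "$dst/$name.$ext" || return 1
    done
}

# check_keyring DIR NAME
# Prints one line per file; returns 0 only if both files are present,
# non-empty and carry no group/other permission bits.
check_keyring() {
    dir=$1 name=$2 rc=0
    for ext in kyr sth; do
        f="$dir/$name.$ext"
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; rc=1; continue
        fi
        if [ ! -s "$f" ]; then
            echo "EMPTY    $f"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$f")          # GNU stat: octal mode, e.g. 600
        if [ $(( 0$mode & 077 )) -eq 0 ]; then
            echo "OK       $f (mode $mode)"
        else
            echo "EXPOSED  $f (mode $mode): group/other access"; rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh script.sh /local/notesdata <key ring name>
if [ "$#" -eq 2 ]; then check_keyring "$1" "$2"; fi
```

Run the check as the account that owns the Domino Data Directory, passing the key ring file name entered in step 7 without its extension.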

Setting up SSL ports in Lotus Domino
1. Open the remote file, names.nsf, using File – Open – Lotus Notes Application.
2. Enter the fully qualified path to the remote server and the name of the file you wish to edit; click Open (see figure 9).
Figure 9. Open Application window

3. Click the Configuration tab, select Server – All Server Documents, and open the Server document (see figure 10).
Figure 10. Open Server doc

4. Select the Ports – Internet Ports tabs (see figure 11).
Figure 11. Internet Port tab

5. In the SSL settings section, edit the fields as shown in figure 12; click Save.
Figure 12. SSL settings section


Conclusion
You should now be able to successfully configure SSL encryption for Lotus Domino 8.5.1.
About the authors
Desmond McCann is a Chartered Engineer working on the Sametime Verification Test team at IBM's Mulhuddart, Ireland, facility. He has been with IBM since 2010, focusing on integration and interoperability across Lotus Sametime products.
John Doody is a Software Engineer working on the Sametime Verification Test team at IBM's Mulhuddart, Ireland, facility. He has been with IBM since 2009, focusing on integration and interoperability across Lotus Sametime products.