Knowledgebase
Enable SSL connection between NotifySCM and IBM Domino
Posted by Donna Magada on 09 December 2016 02:32 PM

This article provides instructions on:

  • How to configure NotifySCM for SSL connection
  • How to add the Domino certificate so that it is trusted by NotifySCM

Enable SSL

Step 1: Enable SSL on NotifySCM

  1. Using a WEB browser, navigate and log in to the PIM configuration administration console, (https://<your_ip>/sense/pim/).
  2. Click on the PIM option and select the PIM Parameters tab.
  3. In the Mail server section, check the box labeled Connect using SSL?

Step 2: Create a key ring on Domino

Open the Server Certificate Admin (certsrv.nsf) database on a Domino server and use its forms to create and populate a key ring. For testing purposes, you can use the CertAdminCreateKeyringWithSelfCert form to create a key ring with a self-certified certificate.

**See Administering the Domino System, Volume 2 or the Domino Administrator Help for detailed information.

Step 3: Move the keyring to the server

The keyring consists of a keyring file (KYR file) and stash file (STH file). These files are generated on the computer from which you are accessing the Server Certificate Admin database.

Move or copy the two keyring files to the computer containing the Domino server. Place them in the server’s data directory. For example, if you create a keyring with a self-certified certificate using default names, and copy the files to a computer with a server whose data files are installed at C:\Lotus\Domino\Data, the server files would be:

C:\Lotus\Domino\Data\selfcert.kyr C:\Lotus\Domino\Data\selfcert.sth.

 

Step 4: Enable SSL on Domino

  1. In the Server document in the server’s Domino Directory, go to the Ports tab, then the Internet Ports tab.
  2. Under SSL settings, specify the SSL key file name (for example, selfcert.kyr).
  3. Go to the DIIOP tab. Ensure that the SSL port number is correct – it defaults to 63149. Enable the SSL port.
  4. Set Name, Password, and Anonymous Authentication as desired.

Step 5: Install the certificate on NotifySCM

Once the keyring files are on the server, starting or restarting the DIIOP task generates a file named TrustedCerts.class in the Domino data directory. Copy that file to NotifySCM_HOME/jboss/server/sense/lib.

Step 6: Restart the server

  1. Press the Windows button and enter "service" as the keyword.
  2. Select the program Services.
  3. On the Jboss Application Server 5.1, find the service SENSE-SERVER.
  4. Right click on it and press Restart.

 

** Steps 2 to 4 have been copied from the following site: http://blueteetech.wordpress.com/2007/08/02/configure-ssl-on-domino/