Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space CS4NMB and version 2.10.0

Button to
SpaceDefaultLink[destination=Optional[PageResourceIdentifier[spaceKey=CS4NH,title=SSL-Zertifikat des Cryptshare-Servers dem Domino Server bekannt machen (optional)]],body=Optional.empty,tooltip=Optional.empty,anchor=Optional.empty,target=Optional.empty]
TitleDeutsch



Note

This only needs to be done if you see an error code 135 when administering the CS4N settings.

Depending on which SSL certificate you are using on your Cryptshare Server, a certificate error may occur when establishing a connection between the Domino Server and the Cryptshare Server. This happens if the Domino Server does regard the SSL certificate used on the Cryptshare Server as untrusted which typically is the case when you use a self-generated, private SSL certificate on your Cryptshare Server. But it is also possible that a public, commercial SSL certificate will not be regarded as trusted by your Domino Server by default.

Please refer to the admin manual of your Cryptshare Server concerning the handling of SSL certificates on the Cryptshare System.


Info
titleTLS 1.2

To use SSL, TLS 1.2 must be enabled on your Domino server. Please proceed as described in the following IBM manual:
https://www-01.ibm.com/support/docview.wss?uid=swg21985289IBM Domino Server


To add a certificate as trusted to the certificate storage in the Domino Java Environment, please proceed as follows:

Windows systems:

Method 1) Using the Windows GUI:

The simplest way to install certificates is to download and install a program called Keystore Explorer to import your certificate into the keystore. The default password for the keystore is "changeit"

Method 2) Using the Windows Command Line:

  • Open a command prompt
  • cd into to the Java Runtime Directory of your Domino Server "<Domino Server Directory>\jvm\bin"
  • Execute the following command:

    Code Block
    keytool.exe -import -trustcacerts -keystore ..\lib\security\cacerts -alias <sitename> -file <SSL Certificate>


    The default password for the JAVA certificate storage is changeit
    When asked if you want to trust the certificate, please confirm.

SSL import example


Code Block
titleSSL import on MS Windows systems
keytool.exe -import -trustcacerts -keystore ..\lib\security\cacerts -alias YourCryptshareDomain.com -file C:\tmp\YourCertificate.cer


Useful commands when working with keystores and certificates


Code Block
titleShow keystore
keytool -list -keystore ..\lib\security\cacerts
Code Block
titleDelete Keystore Entry
keytool -delete -alias <sitename> -keystore ..\lib\security\cacerts
Code Block
titleExport Keystore Entry
keytool -export -alias <sitename> -file <filename> -keystore ..\lib\security\cacerts

Linux/Unix Systems

  • Open the console
  • Navigate into the Java Runtime Directory on the Domino Server "<Domino Server Directory>/jvm/bin"
  • Execute the following command
Code Block
keytool -import -trustcacerts -keystore ../lib/security/cacerts -alias <sitename> -file <SSL Certificate>

The default password for the Java Certificate Store is changeit
If you are asked to trust the certificate, please confirm.

Note

Please restart the Domino Server to apply the changes.

Panel
titleTable of Contents

Table of Contents

Panel
titleRelated Knowledge Base Articles

Content by Label
showLabelsfalse
spacesCKB
showSpacefalse
typepage
cqllabel = "kb-troubleshooting-article" and type = "page" and space = "CKB"
labelskb-troubleshooting-article





Include Page
ATT:Footer
ATT:Footer