Create cross certificate for Domino Java agent?

温柔的废话 2021-01-22 10:37

I am trying to connect to an https enabled web service using a Domino java agent. It works fine using http but fails on https. I disabled TLS 1.2 (apparently Fix Pack 4 and 5 ha

2 Answers
  • 2021-01-22 11:18

    Create a cross certificate from your Domino CERT.ID to the SSL/TLS CA of the server certificate. By doing so, every server in your domain is trusting the SSL/TLS CA and any server that has a derived certificate from that CA. If you move the Notes Database to another server you don't have to worry about creating a cross certificate for that new server. You can also push this cross certificate by policy to all Notes Clients, so all users will trust this CA.

    Step-by-Step Domino Configuration

    1. Check what public certificates you need.

      Use e.g. SSL Labs: enter the web service target server and go to the section "Certification Paths". In your case the public certificates are:

      • DigiCert SHA2 Secure Server CA
      • DigiCert Global Root CA
    2. Download the two public certificates from DigiCert

    3. Import Certificates

      Importing an Internet certifier into the Domino Directory

    4. Cross Certificate Certificates

      Server: Choose your Admin Server or server where the Domino CA (not SSL CA) is hosted.

      Certifier: Choose your certifier ID or your Domino CA

      Creating an Internet cross-certificate in the Domino Directory from a certifier document

    Java/LotusScript Side

    The Java or LotusScript Consumer has to be told to accept CA security (stub.setSSLOptions(PortTypeBase.NOTES_SSL_ACCEPT_SITE_CERTS);)

    Examples based on Creating your first Web Service provider and consumer in LotusScript and Java.

    Java

    HwProvider stub = new HwProviderServiceLocator().getDomino();
    stub.setSSLOptions(PortTypeBase.NOTES_SSL_ACCEPT_SITE_CERTS); 
    String answer = "" + stub.HELLO("world"); 
    System.out.println("The answer is : " + answer);
    

    LotusScript

    Dim stub As New HwProvider()
    stub.setSSLOptions(NOTES_SSL_ACCEPT_SITE_CERTS)
    MessageBox stub.Hello("world")
    
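The check in step 1 of the first answer can also be done locally. The script below is an added example, not code from either answer: it assumes the `openssl` command-line tool is available, and the chain it builds (`Constructed Root CA`, `Constructed Issuing CA`, `ws.example.test`) is constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: report the certification path in a PEM bundle so the CA
# certificates can be checked before they are imported and cross-certified.
set -eu

cn() { printf '%s\n' "$1" | sed 's/.*CN *= *//'; }   # keep only the common name

# chain_report BUNDLE -> one line per certificate: subject CN|issuer CN|role|SHA-256
# role: leaf (server), CA (intermediate) or "root CA" (self-issued CA).
chain_report() {
  local tmp f subj iss role fp
  tmp=$(mktemp -d)
  awk -v d="$tmp" '/BEGIN CERTIFICATE/{on=1; f=sprintf("%s/%02d.pem", d, ++n)}
                   on{print > f} /END CERTIFICATE/{on=0}' "$1"
  for f in "$tmp"/*.pem; do
    [ -e "$f" ] || { echo "no certificates in $1" >&2; rm -rf "$tmp"; return 1; }
    subj=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$f" -noout -issuer | sed 's/^issuer= *//')
    fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256 | sed 's/.*=//')
    role=leaf
    if openssl x509 -in "$f" -noout -text | grep -q 'CA:TRUE'; then
      role=CA; if [ "$subj" = "$iss" ]; then role="root CA"; fi
    fi
    printf '%s|%s|%s|%s\n' "$(cn "$subj")" "$(cn "$iss")" "$role" "$fp"
  done
  rm -rf "$tmp"
}

# make_demo_chain DIR: constructed root -> issuing CA -> server chain (throwaway
# keys, invented names); writes DIR/bundle.pem in the order a TLS server sends it.
make_demo_chain() (
  cd "$1"; exec 2>/dev/null
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > ca.cnf
  new="openssl req -newkey rsa:2048 -nodes -config ca.cnf"   # word-split on purpose
  sign="openssl x509 -req -days 2 -CAcreateserial"
  $new -x509 -days 2 -extensions v3_ca -subj '/CN=Constructed Root CA' -keyout root.key -out root.pem
  $new -new -subj '/CN=Constructed Issuing CA' -keyout int.key -out int.csr
  $sign -in int.csr -CA root.pem -CAkey root.key -extfile ca.cnf -extensions v3_ca -out int.pem
  $new -new -subj '/CN=ws.example.test' -keyout srv.key -out srv.csr
  $sign -in srv.csr -CA int.pem -CAkey int.key -out srv.pem
  cat srv.pem int.pem root.pem > bundle.pem
)

# Report the bundle given as $1, or the constructed chain when run without arguments.
if [ -n "${1:-}" ]; then chain_report "$1"
else demo=$(mktemp -d); make_demo_chain "$demo"; chain_report "$demo/bundle.pem"; fi
```

For the real service, save the certificates of its certification path into one PEM file and pass that file as the argument. The lines marked `CA` and `root CA` are the ones to import and cross-certify; compare their SHA-256 values with the fingerprints the CA publishes before trusting them.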
  • 2021-01-22 11:23

    Before consuming the WS you need to cross-certify (in Domino) the api.qa.silverlining.synovia.com certificate.

    The official doc is not so clear, so find below how to cross-certify with the web server that has the SSL you want to cross-certify to:

    1. copy the server id in your notes client.
    2. in your client, switch to id of the server
    3. go to User Security / People, Services / Find more about people/services:
    4. click the "Retrieve Internet service certificate" button
    5. check that the protocol is ok (sometimes specify "Other" and fill in the port manually) and do not put "https" for the service name.
    6. go to the LOCAL names of your client
    7. copy the cross certification (it's a document) from your local names.nsf to your server names.nsf:
    8. I don't remember if it is necessary:

      tell http refresh
