Setup guide
IBM Lotus Sametime 7.5 Release Notes Documentation updates
with this fragment:
Use excluded file types
list
Yes No Yes
Excluded File Types exe -- exe (union)
Use excluded file types
list
Yes Yes Yes
Excluded File Types exe gif, jpg, png, bmp exe, gif, jpg, png, bmp
(union)
Using SSL to encrypt connections between ST servlet and LDAP
When using SSL to encrypt connections between the Sametime servlet and LDAP, a jks key store
containing the LDAP SSL Certificate Authority must be created. The term 'kdb' should be replaced with
the term 'jks'.
There are two ways to create a
jks
key store. Create a new
jks
key store using IKeyMan, and import
the LDAP SSL Root CA and LDAP SSL server certificate into this jks key store. To create a jks key
store usting IKeyMan, refer to the sections "Use IKeyMan to create a key store file on the Sametime
server (Windows only)" and "Use IKeyMan to create a key store file on the server (Solaris/AIX)" in the
Administrator's Guide for additional information.
Instructions for Windows
1.
Run the command to convert a
kdb
(CMS) file to a
jks
file (from the GSKit installation folder):
gsk6cmd.exe -keydb -convert -db key.kdb -pw <password> -old_format cms
-new_format JKS
2.
Convert an existing
kdb
key store containing the LDAP SSL Certificate Authority to
jks
format key
store
3.
Update UserInfoConfig.xml with the LDAP server's SSL information:
a.
Open UserInfoConfig.xml located in the Sametime server program directory
(C:\Lotus\Domino\UserInfoConfig.xml) in a text editor.
b.
In the tag <SslProperties>, set the following:
KeyStorePath="C:\Lotus\Domino\key.jks"
(KeyStorePath should be the full path to
key.jks created in Step 1)
KeyStorePassword="password"
(KeyStorePassword should be the password to
key.jks
created in Step 1)
After the KeyStorePath and KeyStorePassword values have been added to UserInfoConfig.xml, restart
the HTTP service.
60