Bewertung: 5 / 5
Create Certificate
This article is the sequel to Let's Encrypt in Domino Environments
To create a certificate is very easy: Instruct the certbot-auto application to create the certificate:
./certbot-auto certonly -d <yourFQDN> --manual
This command (you need internet access) will contact Let's encrypt. It will ask you to create a cryptic file on your server with a much more cryptic content. With this file and it's content Let's encrypt can check whether you have appropriate rights to receive a certificate. They will access the file and compare the content with the content they generated. If both is identical, you will receive the ceriticate immediately.
First, create the necessary subdirectories on you Domino server.
mkdir <notesdata>/domino/html/.well-known/acme-challenge
Then create a file with the filename highlighted in certbot-auto on your filesytem and add the content form certbot-auto to the file
touch <notesdata>/domino/html/.well-known/acme-challenge/<certbotAutoFileName>
cat <certbotAutoContent> <notesdata>/domino/html/.well-known/acme-challenge/<certbotAutoFileName>
On Linux, AIX etc ensure that filepermissions are set correctly.
chown -R notes:notes <notesdata>/domino
This command will correct the permissions. Now you can switch to your server certbot-auto ist running on. When you agree to the test of your environment this will immediatly create the certificate. It is very useful to keep this filestructure and file on your server for later automatic renew of the certificate.
In the last article we will explain how to migrate those certificates to your domino server.
Bewertung: 4 / 5
Let's Encrypt in Domino Environments
From time to time we have to implement or update a certificate on our Domino and/or Traveler servers. Let's encrypt enables us to get those certificates for free without any charge (Expiration time: 90 days). The first step is to receive those certificates. Depending on your operation system you have to install one of the several clients. We use the certbot-auto client.
The way to install that client is well documented and there is no need to be explained here. After that you need to create your certificate. Here are the steps on how to create and convert them into a domino environment.
- Create Certificate
- Execute necessary command
- Create necessary file in your domino environment
- Let's encrypt will check for this file
- Certificates will be generated
- Migrate certificates to Domino
- Create single certificate file
- Download kyrtool from IBM
- Use kyrtool to create a Domino KYR-file
- Import all data into newly created KYR-file
- Install new certifcate in Domino
In the next article we will explain how to create Let's Encrypt certificates. And in the last article we will explain how to migrate them to domino.
Bewertung: 5 / 5
Where Do I Find NOTES.INI On My Mac
If you try to find the notes.ini file on your Mac you will not find one. All application specific properties will be stored in a file called
"Notes Preferences"
in each users home directory. If your user eg is called Keith then navigate to
/Users/Keith/Library/Preferences/
here you will find the file Notes Preferences which includes the same information and syntax as the notes.ini file.
Bewertung: 5 / 5
Ubuntu Kernel patched: solved bindsock issue on Domino servers
If you run a Domino, Sametime or Traveler server on Ubuntu than you might have recognized an issue during the last kernel releases that prevented to start http, ldap or any other task running a port smaller than 1024.
The Ubuntu kernel team solved that issue by implementing a workaround in the kernel because the main issue seems to be in bindsock library on domino side. Now we could run the up to date kernel release on Domino servers again.
Hopefully this workaround will not be removed in later kernel versions (again).
If you want to be informed follow:
Bewertung: 5 / 5
Passworddecoder for WAS-Passwords
We frequently have the same problem on customer sides that we find WAS-installation (WebSphere Portal, IBM Connections, Sametime etc) and nobody remembers the passwords used for internal/ machine users.
If you look into config files you will find only the encrypted passwords.
Because of this you can decrypt your password using one of three methods.
- You can just search the web
- You can execute a long commandline on your server.
Examples for this with WAS Version 8
../java/bin/java -Djava.ext.dirs=/opt/WebSphere/AppServer/deploytool/itp/plugins/com.ibm.websphere.v8_1.0.201.v20111031_1843/wasJars/ -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder {xor}HQkdb2Y=
encoded password == "{xor}HQkdb2Y=", decoded password == "BVB09"
Same for version 7
WAS Version 7
../java/bin/java -Djava.ext.dirs=/app/websphere/appserver/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.3.v20110824_2356/wasJars/ -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder {xor}HQkdb2Y=
encoded password == "{xor}HQkdb2Y=", decoded password == "BVB09"
The most diffcult thing for us is to remember the command and the syntax to execute. Well, we wrote a scipt.
Feel free to copy it to your homedirectory and execute it (at your own risk). The script will check for the correct path and gives you the decrypted password on the command line.
Download here......