MacOS X High Sierra and X11 Forwarding using SSH
After installation of High Sierra we recognized that a ssh connection to other systems show up a warning:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated.
This happens when you installed the latest release from XQuartz 2.7.11 during the last year or so. It seems that the installation of High Sierra replace a couple of files even if they are related and needed by other applications - like XQuartz. To solve this issue just reinstall XQuartz 2.7.11.
Update Nextcloud 11 to Version 12
There are some circumstances that makes an update from Nextcloud 11 to Nextcloud 12 more complicated than it was before. In our case we are and were not able to execute the necessary shell commands because php-cli is not implemented by our provider. We also tried to update it using a fresh side-by-side installation, copy the config files to the new installation and choose the updater from the webbrowser. This procedure worked in all prior releases like a charm.
The new release brings a lot benfits. One very important one: Installed Apps in Nextcloud will not be lost, they will be updated during the upgrade process. This benefit brought some difficulties to us. We were not able update our sandbox and qa environment because the update of the apps needed a too large amount of time. The process ran into a timeout and broke the entire installation.
The solution for this issue is to deactivate all installed apps, run the side-by-side installation of Nextcloud 12 (including copy of the config files) and manually activate the apps after the upgrade was successful (which it was). This process was pretty easy: After the successful update all apps could be easily reactivated (and updated in place) in the Apps menu which needed just twenty minutes. There was only one app that could not be reactivated because it was not compatible with version 12.
Updating the Searchindex in IBM Connections
If your company works with IBM Connections you might have recognized that searching is one of the big benefits using your social media network. A specialized task is responsible for the abilty to search. This task will update the searchindex frequently, eg every 15 Minutes.
From time to time you might need to rebuild the index for one or for all components of Connections. This process is a bit complicated, timeconsuming and boring because you might monitor this process during several DAYS to rebuild everything. Because of this it is a good idea to write some scripts to automatically rebuild the index.
Here is a checklist for rebuilding the index:
- Deactivate regular index service
- Start Jython script to rebuild the needed index
Migrate Certificate to Domino Keystore
This article is the last one discovering the migration of Let's encrypt certificates to a domino environment. The previous artile was about Create Certificates with Let's Encrypt.
Now we can pickup the certificate. It will be stored on the filesystem of your server where you issued the certbot-auto command. The application tells you were you can pickup the certificate. In our case the cerficates are located at
Switch to that directory and copy all four files to a single file. You can either use an editor to to this or just cat them into the file.
cat firstfile.pem >> all.pem
cat fourthfile.pem >> all.pem
Now copy the file "all.pem" to an appropriate Notes client or Domino server. Download the kyrtool from IBM and extract the file into the programm directory. Now you can create a new kyr-file by initiating
c:\Notes\kyrtool.exe create -k c:\cert\ourKeyring.kyr -p appropriateSecuredPassword
This will create a ourKeyring.kyr and ourKeyring.sth file in c:\cert directory. Now we can import the all.pem file into that keyring.
c:\Notes\kyrtool.exe import all -k c:\cert\ourKeyring.kyr -i c:\cert\all.pem
Now, we are done. Just copy the two files ourKeyring.kyr and ourKeyring.sth file to your domino data directory. Ensure the filename is the same as you entered it in your domino directory and that filepermissions are set correctly (notes:notes or what your runtime user is).
That's it. After a restart of Domino's http-task your new certificate is active.
This article is the sequel to Let's Encrypt in Domino Environments
To create a certificate is very easy: Instruct the certbot-auto application to create the certificate:
./certbot-auto certonly -d <yourFQDN> --manual
This command (you need internet access) will contact Let's encrypt. It will ask you to create a cryptic file on your server with a much more cryptic content. With this file and it's content Let's encrypt can check whether you have appropriate rights to receive a certificate. They will access the file and compare the content with the content they generated. If both is identical, you will receive the ceriticate immediately.
First, create the necessary subdirectories on you Domino server.
Then create a file with the filename highlighted in certbot-auto on your filesytem and add the content form certbot-auto to the file
cat <certbotAutoContent> <notesdata>/domino/html/.well-known/acme-challenge/<certbotAutoFileName>
On Linux, AIX etc ensure that filepermissions are set correctly.
chown -R notes:notes <notesdata>/domino
This command will correct the permissions. Now you can switch to your server certbot-auto ist running on. When you agree to the test of your environment this will immediatly create the certificate. It is very useful to keep this filestructure and file on your server for later automatic renew of the certificate.
In the last article we will explain how to migrate those certificates to your domino server.