{"id":2468,"date":"2016-06-24T17:06:33","date_gmt":"2016-06-24T15:06:33","guid":{"rendered":"http:\/\/blog.novaknet.de\/?p=2468"},"modified":"2016-06-24T17:06:33","modified_gmt":"2016-06-24T15:06:33","slug":"push-ssl-x-certs-to-ibm-notes-client-prevent-cross-cert-dialog","status":"publish","type":"post","link":"https:\/\/blog.novaknet.de\/?p=2468","title":{"rendered":"Push SSL x-certs to IBM Notes Client (prevent cross-cert dialog)"},"content":{"rendered":"

If you connect the IBM Sametime meeting oder advanced server from the IBM Notes client (plug-in) through\u00a0secure connection<\/span> (SSL) …<\/p>\n

\"2-2016-06-17_10-44-17\"<\/a><\/p>\n

… you will get a cross certificate warning<\/strong><\/em><\/span> within the Notes client.<\/p>\n

\"1-2016-06-17_10-44-49\"<\/a><\/p>\n

To prevent this annoying dialog<\/span> within the IBM Notes client you can push this x-certs<\/span> to all IBM Notes client through the IBM Domino policy<\/span>.<\/p>\n

    \n
  1. Configure\u00a0a secure (SSL) connection from your IBM Notes client (administrator) to the IBM Sametime meeting (or advanced) server
    \n    \"2-2016-06-17_10-44-17\"<\/a><\/li>\n
  2. After you connect the first time to the IBM Sametime meeting server you should get a cross-certificate window
    \n! DO NOT<\/span> automatically accept it.
    \nYou need to change the fields to save the cross-certificate to your central domino address book (names.nsf).
    \n    \"3-2016-06-17_10-44-49\"
    \n<\/a>NOTE: If you do not get the cross-certificate window, please check your local address book for already accepted x-certs and delete the concerning document.<\/em><\/span><\/li>\n
  3. In the field „certifier<\/strong><\/span>“ select your IBM Domino organization id<\/span> (e.g. \/edcom\/de)
    \nIn the field „server<\/strong><\/span>“ select your IBM Domino administration server<\/span> (could be any other Domino server who helds the names.nsf)
    \nIn the field „subject name<\/strong><\/span>“ select either the Sametime Meeting Server certificate or the „trusted root“ authority<\/span>
    \n    \"4-2016-06-17_10-45-45\"<\/a><\/li>\n
  4. Click „cross certify<\/strong><\/span>“ to save the cross-certificate between IBM Domino organization <> Sametime server „trusted root“<\/span><\/em> into your central IBM domino directory (names.nsf)
    \n    \"5-2016-06-17_10-46-26\"<\/a><\/li>\n
  5. Create or edit an IBM Domino policy \u00a0– security setting<\/span><\/strong>\u00a0document and switch to
    \n>> tab „keys and certificate<\/span><\/strong>“ >> section „administrative trust defaults<\/strong><\/span>“ and press the button „Update Links<\/strong><\/span>“ …
    \n    \"7-2016-06-17_10-46-59\"
    \n<\/a>… and select the cross-certificate you created before
    \n    \"6-2016-06-17_10-47-36\"<\/a><\/li>\n
  6. After the next login from the IBM Notes client, the cross-certificate from the IBM Domino policy security document was saved to the local address book in the view certificates
    \n    \"8-2016-06-17_10-58-05\"<\/a><\/li>\n<\/ol>\n

    Thats it<\/p>\n

    BTW – you could also use this documentation to push\u00a0x-certs between\u00a0DomOrg <> DomOrg to IBM Notes clients<\/p>\n","protected":false},"excerpt":{"rendered":"

    If you connect the IBM Sametime meeting oder advanced server from the IBM Notes client (plug-in) through\u00a0secure connection (SSL) … … you will get a cross certificate warning within the Notes client. To prevent this annoying dialog within the IBM Notes client you can push this x-certs to all IBM Notes client through the IBM […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,101],"tags":[],"class_list":["post-2468","post","type-post","status-publish","format-standard","hentry","category-nd","category-sametime"],"_links":{"self":[{"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=\/wp\/v2\/posts\/2468"}],"collection":[{"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2468"}],"version-history":[{"count":4,"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=\/wp\/v2\/posts\/2468\/revisions"}],"predecessor-version":[{"id":2481,"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=\/wp\/v2\/posts\/2468\/revisions\/2481"}],"wp:attachment":[{"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.novaknet.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}