
Using IBM HTTP Server with Lotus iNotes

Roberto Chiabra
Certified Lotus IT Specialist/Lotus Advisory IT Specialist
rchiabra@pe.ibm.com

2006 IBM Corporation


IBM Software Group | Lotus software

Agenda
Overview
Architecture
Requirements
Sample Case
Checklist of sample configuration
Configure a Domino self-signed certificate for SSL
Enable SSO using LTPA Token
Creation of iNotes Redirect database
Enable support for plug-in in Lotus Domino (notes.ini)
Configuration of IHS
Testing

Architecture

All users have access to Lotus iNotes

[Architecture diagram. Labels: Lotus iNotes (Intranet Access); Lotus iNotes (Internet Access); Firewall (two); IHS + WAS Plugin; Lotus Domino; DMZ; Trusted Domain; HTTPS protocol; HTTPS protocol (optional).]


Requirements

IBM HTTP Server (IHS) 6.1 + WebSphere Plugin
  Dedicated IP address
  Fully qualified hostname
  Apply fix packs to IHS and Plugin
  Enable IHS secure HTTP port (SSL) using a self-signed certificate

Lotus Domino 8.5.x
  Dedicated IP address
  Fully qualified hostname
  iNotes Redirect database
  LTPA Token (if internet domain is different)
  Enable Domino secure HTTP port (SSL) using a self-signed certificate
  In the Domino server notes.ini, add "HTTPEnableConnectorHeaders=1"

Checklist of sample configuration

Parameters           Value                 Comment
Intranet hostname    domino85.pe.ibm.com   Lotus Domino Server
Intranet IP Address  192.168.150.100       Internal IP
Intranet Redirect    redirect.nsf
Internet hostname    mail.pe.ibm.com       IBM HTTP Server
Internet IP Address  192.168.150.101       DMZ IP


Configure a Domino Self-signed certificate for SSL

Create a self-signed certificate
  Open the Server Certificate Admin database
  Create a key ring with a self-certified certificate
    Common name: use the fully qualified hostname
      Sample: domino85.pe.ibm.com
    Organization: I recommend using the same name as the Certificate
      Sample: LOTUSWP

Enable the Domino SSL port
  In the Server document, go to the tab Ports > Internet Ports > Web
  Change the SSL key file name to the name of the new key ring
  Change the SSL port status to enabled

Sample of creation of Self-Signed Certificate


Sample of configuration of SSL in Lotus Domino


Enable SSO using LTPA Token

Create a Web SSO document
  Configuration Name: add the name of the LTPA Token
    Sample: LtpaToken
  Organization: I recommend using the same name as the Certificate
    Sample: LOTUSWP
  DNS Domain:
    Sample: pe.ibm.com
  Domino Server Names: add the Domino server
    domino85/LOTUSWP

In the Domino Web Engine configuration, enable session authentication using Multiple Servers (SSO)

Sample of Web SSO Configuration


Creation of Lotus iNotes Redirect database

Create a Lotus iNotes redirect database


Configure the profile using
Type of redirect: Dynamic
Enable SSL options


Sample of Configuration of Redirect database


Enable support for plug-in in Lotus Domino

Edit the notes.ini for Domino Server


Add the line
HTTPEnableConnectorHeaders=1
Restart the Domino Server


Testing access to Lotus Domino using SSL


Configuration of IHS

Configure the plug-in XML file (plugin-cfg.xml)
  Create a ServerCluster entry for the communication with Lotus Domino using HTTP/HTTPS
  Create a UriGroup entry for the valid URLs for Lotus iNotes

Enable the IHS secure HTTP port
  Enable SSL in the httpd.conf file
  Enable SSL in the plug-in XML file

Add the Domino certificate (SSL) to the plug-in key database
  Using IE, access Lotus Domino over HTTPS
  Install the certificate into IE
  Export the certificate to a file
  Import it into the plug-in key database

Sample of Plug-in.xml
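
A plugin-cfg.xml fragment for the ServerCluster and UriGroup entries listed under "Configuration of IHS", added here as an illustration and not taken from the presentation. The hostnames come from the checklist; the group and cluster names, the Domino SSL port, the URI patterns and the plugin-key.kdb/.sth paths are assumptions to adapt.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- Added example. Hostnames are from the checklist; every name, URI
     pattern, port and key database path below is an assumption. -->
<Config>
   <!-- Requests arriving on the IHS SSL virtual host -->
   <VirtualHostGroup Name="inotes_host">
      <VirtualHost Name="mail.pe.ibm.com:443"/>
   </VirtualHostGroup>

   <!-- Back end: Lotus Domino, reached over HTTPS -->
   <ServerCluster Name="domino_cluster">
      <Server Name="domino85">
         <Transport Hostname="domino85.pe.ibm.com" Port="443" Protocol="https">
            <!-- Plug-in key database that holds the imported Domino certificate -->
            <Property Name="keyring" Value="C:\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.kdb"/>
            <Property Name="stashfile" Value="C:\IBM\HTTPServer\Plugins\config\webserver1\plugin-key.sth"/>
         </Transport>
      </Server>
   </ServerCluster>

   <!-- Only these URL patterns are forwarded to Domino -->
   <UriGroup Name="inotes_URIs">
      <Uri Name="/redirect.nsf*"/>
      <Uri Name="/names.nsf*"/>
      <Uri Name="/mail/*"/>
      <Uri Name="/iNotes/*"/>
      <Uri Name="/icons/*"/>
      <Uri Name="/domjava/*"/>
   </UriGroup>

   <!-- Tie the virtual host, the URL patterns and the back end together -->
   <Route ServerCluster="domino_cluster" UriGroup="inotes_URIs" VirtualHostGroup="inotes_host"/>
</Config>
```

Keeping the UriGroup to the paths iNotes needs, rather than a catch-all pattern, limits which Domino databases are reachable from the Internet side. Because HTTPEnableConnectorHeaders=1 makes Domino honour the headers the plug-in adds, the Domino HTTP ports should accept connections only from hosts you trust to send them.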


Sample of httpd.conf

Plug-in module and configuration

# Load the WebSphere plug-in and point it at its configuration file
LoadModule was_ap20_module "C:\IBM\HTTPServer\Plugins\bin\mod_was_ap20_http.dll"
WebSpherePluginConfig "C:\IBM\HTTPServer\Plugins\config\webserver1\plugin-cfg.xml"

SSL Configuration for IHS

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 0.0.0.0:443
# SSL is enabled only inside the port 443 virtual host
<VirtualHost *:443>
    ServerName mail.pe.ibm.com
    SSLEnable
</VirtualHost>
# SSL stays disabled outside that virtual host
SSLDisable
# Key database and stash file for the IHS certificate
Keyfile "C:\IBM\HTTPServer\conf\webserverkey.kdb"
SSLStashFile "C:\IBM\HTTPServer\conf\webserverkey.sth"

Import Domino Self-Signed Certificate into IE


Export Domino Self-Signed Certificate into a file


Import Domino Self-Signed Certificate into Plug-in kdb


Troubleshooting

Check the resolution of hostnames (use the ping command)
Don't forget to modify notes.ini to support the plug-in
Test the communication between IHS and Domino using HTTP before enabling SSL
Be careful when editing httpd.conf and plug-in.xml. Always save a backup copy
