Lotus Notes and Domino 8.5.1 introduced the ability to push administrative trust defaults during Notes install or upgrade using a new deploy.nsf in the Notes install kit. The release also added additional Domino policy controls for timestamping of features and plug-ins. This article seeks to surface the documentation for these enhancements in a more targeted manner and also to address the somewhat persistent question of what signing steps are needed when deploying Eclipse-based third party features and plug-ins to Notes users.
Question -- How do you sign custom or third-party Eclipse-based features and plug-ins properly so that prompts do not appear during their installation?
Answer -- These Domino Administrator help topics contain the conceptual and procedural information required for signing and timestamping your third party or custom features and plug-ins prior to their deployment:
Signing custom or third-party features and plug-ins for install and update
Pushing trusted certificates to Lotus Notes clients (and its children topics)
Creating a security policy settings document (section titled "Configuring for signed plug-ins")
You can install a custom or third-party Eclipse-based feature during Notes install or upgrade by adding it to the Notes install kit. The overall process is to create the feature (sometimes also referred to as a "plug-in) using the Lotus Expeditor IDE and properly sign its JAR files (resident in the features and plugins directories). You then add the feature to the Notes install kit (install.xml and updateSite.zip) manually or using a supplied tool named addToKit.exe.
Note: If you're working on a Linux platform you'll add the new feature as a separate .deb or .rpm kit.
This information is documented in the following Domino Administrator help topics:
Customizing the Notes install kit (and its children topics)
Customizing Notes install for Linux RPM or DEB
Alternatively, you can deploy a custom or third-party Eclipse-based feature to an existing Notes installation using either a deployment widget or an add-on installer.
These techniques are documented in the following Domino Administrator help topics:
Note: While other methods may also be available, they are not explored in this article.
Deploying client plug-ins with widgets and the widget catalog -- also see "Configuring a new Features and Plugins deployment widget"
Creating a customized add-on installer
Note that there is complexity to all three of these techniques (customized install kit, widget deployment, or add-on installer) and that it's useful to browse the documentation topics in their "table of contents context" to see other needed and/or related topics -- use this button in the Infocenter to see the active topic in TOC-context.
Security-related information that Notes administrators and Eclipse-based feature/plug-in deployers may want to know:
-- Regardless of how you push the custom or third-party feature to Notes users, it should be properly signed -- and if it's part of the Notes install kit, it must be signed or install will not complete properly. See Signing custom or third-party features and plug-ins for install and update in Domino Administrator help for details.
-- In Notes and Domino 8.5.1, IBM added enhanced capabilities for setting timestamp and certificate authority values centrally. See Pushing trusted certificates to Lotus Notes clients (and it's 3 children topics) for details. Also see the section "Configuring for signed plug-ins" in Creating a security policy settings document.
-- In Notes and Domino 8.5.1, IBM added an optional deploy.nsf capability that can be used to push security settings at install-time for folks that do not want to set these values using Domino policy. See Customizing an install kit to set certifier and trust defaults for details.
-- In Notes and Domino 8.5.1, IBM added a new tool to simplify creation of an MSI-based add-on installer that can be used to deploy custom or third-party features and plug-ins to existing Notes installations. See Creating a customized add-on installer for details.
-- In Notes and Domino 8.5.1, IBM added a new tool to validate a customized Notes install kit prior to its deployment. See Validating your customized Notes install kit for details.
Other helpful information:
These are some of many additional articles that provide related information about creating and/or deploying custom or third-party features and plug-ins to Notes users:
Creating features and plug-ins for Notes client deployment
Using IBM Lotus Expeditor Toolkit 6.2.1 with IBM Lotus Notes 8.5.1
Deploying plug-ins and composite applications to Lotus Notes
Exploring ways to use Notes widgets and Domino policy to customize the Notes sidebar and deploy client features and plug-ins
You may also watch the webcast on Deploying Plug-ins and Widgets for Lotus Notes and Sametime