It may be desirable to use secure sockets for this communication if the networking between the IBM Notes
Traveler servers is not isolated or secure. Note that requiring secure server to server communications will impact overall performance.
To enable the use of SSL sockets between the IBM Notes
Traveler servers, the following steps can be used:
- To generate a self-signed certificate with an expiration date far in the future, use the following example:
<domino>\jvm\bin\keytool -genkey -v
i, the keytool is located at: /QOpenSys/QIBM/ProdData/JavaVM/jdk60/32bit/bin
It is recommended you use the same password for the storepass
and the keypass
. If the password parameters are omitted, the keytool will prompt for them.
- Copy the traveler.jks that was just created to each server. A suggested location is <domino data>\traveler\cfg. It is important for the servers to use the same certificate file, so the keytool command should not be run on each server.
- Open a command prompt.
- Change the directory to <domino data>\traveler\util.
- Run travelerUtil to configure IBM Notes Traveler to use SSL:
travelerUtil ssl set keystore=<domino data>\traveler\cfg\traveler.jks key=<password>
Specify the same password that was used for the storepass
parameters with the keytool command.
After making these changes, both the Traveler task and the HTTP task must be restarted on the IBM Notes
Traveler Server. When the IBM Notes
Traveler server restarts, it will use SSL sockets to communicate with other IBM Notes
Repeat these steps for each IBM Notes
Traveler server in the pool. All the IBM Notes
Traveler servers in the pool must be configured the same way; otherwise, they will not be able to communicate with each other.
Parent topic: Configuring the IBM Notes Traveler High Availability Pool