By default, Lotus Notes
® Traveler uses regular TCP sockets for communication between the Lotus Notes
Traveler server and the HTTP server, as well as for communications between the Lotus Notes
Traveler servers within an HA pool.
It may be desirable to use secure sockets for this communication if the networking between the Lotus Notes
Traveler servers is not isolated or secure. Note that requiring secure server to server communications will impact overall performance.
To enable the use of SSL sockets between the Lotus Notes
Traveler servers, the following steps can be used:
- To generate a self-signed certificate with an expiration date far in the future, use the following example:
<domino>\jvm\bin\keytool -genkey -v
It is recommended you use the same password for the storepass
and the keypass
. If the password parameters are omitted, the keytool will prompt for them.
- Copy the traveler.jks that was just created to each server. A suggested location is <domino data>\traveler\cfg. It is important for the servers to use the same certificate file, so the keytool command should not be run on each server.
- Open a command prompt.
- Change the directory to <domino data>\traveler\util.
- Run travelerUtil to configure Lotus Notes Traveler to use SSL:
travelerUtil ssl set keystore=<domino data>\traveler\cfg\traveler.jks key=<password>
Specify the same password that was used for the storepass
parameters with the keytool command.
After making these changes, both the Traveler task and the HTTP task must be restarted on the Lotus Notes
Traveler Server. When the Lotus Notes
Traveler server restarts, it will use SSL sockets to communicate with other Lotus Notes
Repeat these steps for each Lotus Notes
Traveler server in the pool. All the Lotus Notes
Traveler servers in the pool must be configured the same way; otherwise, they will not be able to communicate with each other.
Parent topic: Configuring the Lotus Notes Traveler High Availability Pool