Secure Sockets Layer (SSL) connections are based on the existence of digital certificates to promote secure data exchange between server and client. In Lotus® Expeditor, the Enterprise Management agent supports both normal and SSL connections between the client and an Expeditor Server. We recommend that you purchase commercial certificates for which public key certificates are already available on the client devices. This greatly simplifies using secure connections since new certificates do not have to be deployed to the clients. However, you may also use self-signed certificates that you create. The procedures for deploying certificates to desktops and devices are different.
Configuring for the desktop
If you plan to run the Enterprise Management Agent application to connect to a Client Management server located behind a secure URL (for example, HTTPS), you must set up the Lotus Expeditor Client with an appropriate default configuration.
The Enterprise Management Agent runtime does not provide any SSL-specific configuration capabilities and relies on the default platform settings.
Refer to Configuring SSL for the platform for more information.
Configuring for devices
Although the installation steps are different for various device platforms, you should be able to use the same certificate to support all platforms.
SSL Configuration for Windows® Mobile 5.0, Windows CE 5.0
You must create a certificate and deploy it to both servers and clients.
- For instructions on creating certificates, refer to Obtaining a certificate in Using Lotus Expeditor Server and using the IBM® Key Management Utility (ikeyman) tool.
- When you create the certificate, the value for the Common Name (cn= value) field must match the server address the Enterprise Management Agent uses to connect with the Client Management server.
- Ensure the dates for which the certificate is valid are correct.
- To configure the Expeditor Server for SSL communication, refer to Configuring Device Manager for SSL and Securing Lotus Expeditor Server for SSL in Using Lotus Expeditor Server.
- You must distribute the certificate created by ikeyman to the client devices. Use the keytool.exe from the Expeditor Client for Desktop to import the certificate into a cacerts file, which can then be distributed to clients. This file replaces the existing file in the \eclipse\plugins\com.ibm.pvc.wece.device.win32.arm_6.2.0-<date>\jre\lib\security folder, so manage the file carefully to avoid destroying any certificates previously deployed.
- Once the certificate has been deployed to the client, the user can open Application Manager -> Preferences, select the HTTPS option, and fill in the corresponding account information.
- The user can press the Test Connection button to make sure the entered information is correct, and then click Command -> OK to connect with the Client Management server.
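The keytool import step above, as an added PowerShell example that is not part of the original documentation. The file names, the alias and the changeit store password are assumptions; the script imports into a copy of the cacerts file already on the devices so that previously deployed certificates carry over, and assumes keytool prints its usual English entry listing.

```powershell
# Added example. Paths, alias and password are assumptions, not values from the page.
$keytool   = 'keytool.exe'       # from the Expeditor Client for Desktop; assumed to be on PATH
$deployed  = '.\cacerts'         # copy of the cacerts file currently on the devices
$staged    = '.\cacerts.staged'  # working copy that will be distributed
$certFile  = '.\server.cer'      # hypothetical file name for the certificate exported from ikeyman
$alias     = 'xpd-server'        # hypothetical alias for the new entry
$storePass = 'changeit'          # assumption: the store uses the default Java cacerts password

function Get-TrustedCount([string]$store) {
    # Each trusted certificate appears in "keytool -list" output as one line containing trustedCertEntry.
    $lines = & $keytool -list -keystore $store -storepass $storePass
    if ($LASTEXITCODE -ne 0) { throw "keytool could not read $store" }
    return @($lines | Select-String -SimpleMatch 'trustedCertEntry').Count
}

# Import into a copy of the deployed store, never a fresh one, so existing trust entries carry over.
Copy-Item -Path $deployed -Destination $staged -Force -ErrorAction Stop
$before = Get-TrustedCount $staged

# Refuse to reuse an alias that is already in the store.
& $keytool -list -alias $alias -keystore $staged -storepass $storePass | Out-Null
if ($LASTEXITCODE -eq 0) { throw "Alias '$alias' already exists in $staged" }

& $keytool -import -trustcacerts -noprompt -alias $alias -file $certFile -keystore $staged -storepass $storePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed; $staged must not be distributed" }

# Exactly one trusted entry should have been added and none lost.
$after = Get-TrustedCount $staged
if ($after -ne $before + 1) { throw "Expected $($before + 1) trusted entries, found $after" }

# Print the new entry so the Owner CN and the validity dates can be checked by eye
# against the server address the Enterprise Management Agent connects to.
& $keytool -list -v -alias $alias -keystore $staged -storepass $storePass
```

Keep the original cacerts file as a rollback copy, and rename the staged file to cacerts before distributing it to the devices.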