If you need to use Secure Sockets Layer (SSL) with a self-signed test certificate or a certificate that does not have a root certificate contained in the default manager keystore, you are either prompted, denied or allowed, depending on how you configure your managed preferences value for com.ibm.rcp.security.jceproxy/ssl.unknowncert.action
Three possible values are as follows:
Pass the SSL connection for sites with untrusted certificates.DENY
fail the SSL connection for sites with untrusted certificates. PROMPT
If Expeditor is running in headless mode, treat PROMPT equal to DENY. If Lotus® Expeditor is running with UI enabled, the user is prompted with the following choices:
- Do not trust this certificate or its certifying authority. Stop the current operation.
- Trust this certificate for this session; only.
- Trust this certificate.
The default value is PROMPT. To change this value, you must change the value of the com.ibm.rcp.security.jceproxy/ssl.unknowncert.action Eclipse preference. See Managing Eclipse preferences
for setting preference information.
The Lotus Expeditor trustmanager is configured by default to support SSL using the cacerts keystore file. Additionally, the trustmanager looks into the platform keystore. To reconfigure the default configuration, set the following system properties. See Configuring Java system properties
for information on how to set the properties.
You can specify the following properties for the client:
For more information on setting these properties, and configuring SSL for the VM, refer to the following URL:
Parent topic: Configuring platform security: XPD621