Secure Sockets Layer (SSL) connections are based on the existence of digital certificates to promote secure data exchange between server and client. In Lotus
® Expeditor, the Enterprise Management agent supports both normal and SSL connections between the client and a Lotus
Expeditor server. We recommend that you purchase commercial certificates for which public key certificates are already available on the client devices. This purchase greatly simplifies using secure connections because new certificates do not have to be deployed to the clients. You can also use self-signed certificates that you create. The procedures for deploying certificates to desktops and devices are different.
Configuring for the desktop
If you plan on running the Enterprise Management Agent application to connect to a Client management server located behind a secure URL, for example HTTPS, you must set up the Lotus
Expeditor Client with an appropriate default configuration.
The Enterprise Management Agent runtime does not provide any SSL-specific configuration capabilities and relies on the default platform settings.
Refer to Configuring SSL for the platform
for more information.
Configuring for devices
Although the installation steps are different for various device platforms, you can use the same certificate to support all platforms.
To configure SSL for Microsoft
® Mobile 5.0 or Microsoft Windows
CE 5.0, you must create a certificate and deploy it to both servers and clients.
Parent topic: Configuring platform security
- For instructions on creating certificates, refer to Obtaining a certificate in Using Lotus Expeditor Server and using the IBM® Key Management Utility (ikeyman) tool.
- When you create the certificate, the value for the Common Name (cn= value) field must match the server address the Enterprise Management Agent uses to connect with the Client Management server.
- Ensure that the dates for which the certificate is valid are correct.
- To configure the Lotus Expeditor Server for SSL communication, refer to Configuring Device Manager for SSL and Securing Lotus Expeditor Server for SSL in Using Lotus Expeditor Server.
- You must distribute the certificate created by ikeyman to the client devices. Use the keytool.exe from the Lotus Expeditor Client for Desktop to import the certificate into a cacerts file that can then be distributed to clients. This file replaces the existing file in the \eclipse\plugins\com.ibm.pvc.wece.device.win32.arm_6.2.0-<date
\jre\lib\security folder, so the file can be managed to not destroy any certificates previously deployed.
- After the certificate has been deployed to the client, the user can open Application ManagerPreferences, select the HTTPS option, and fill in the corresponding account information.
- The user can press the Test Connection button to make sure that entered information is correct and click Command -> OK to connect with the Client Management server.