Nov 20, 2014, 12:42 PM
104 Posts

9.0.1 SSL setup, need tips (updated)

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Replies: 2

So I'm not an admin but play one during the day...

We have an existing physical server that serves as our customer facing portal. It's configured so http users are redirected to port 443 and we use a self-generated certificate. Server is 6.5 and it's gettin' old...

We are moving to a new VM running 9.0.1. Http is enabled.

I have the server config document set to accept both port 80 and 443. Port 80 is not configured to redirect to 443.

We haven't set the new server up to be web facing, so I've configured everything to use its IP address. I have a self-generated SSL cert for the IP address.

I can connect and open dbs via http.

When I try to hit it via https, I get 'the page cannot be displayed'.

I've verified that the VM is listening on 443 and that the port is available from a client running IE and from the VM.

I have not set up web site documents or configured rules yet, so I'm only working with the server config document.

What the heck am I missing?

Thanks for your ideas.


<EDIT #1>

I installed Firefox on the VM. I can open the site via http but when I do https I get the following so I'm thinking now that the issue is the self cert fails and IE (6.0.3790 specifically) isn't happy. Off to get a different browser and see what happens. If I'm heading down the wrong rabbit hole, let me know.

Secure Connection Failed

An error occurred during a connection to The key does not support the requested operation. (Error code: sec_error_invalid_key)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.



<EDIT #2>

And that was it. Chrome still allows you to do unsafe operations and I was able to get connected via https.

Sorry for the clutter but sometimes, you just need to talk it out...

Nov 24, 2014, 6:12 AM
104 Posts
Fresh install with all the latest and greatest

We're migrating now pretty much because of POODLE so yes, FP2 is installed. The problem I'm facing is that I'm a designer not an admin and I'm certainly not a security expert. Nothing I've read tells me in plain English the worst thing that might happen if the server was attacked. The best I could get is 'not much'.

The server is read only, replication is one way push from inside our firewall to the outside, all access is via login, and all dbs are encrypted. The server is used only to display a subset of Notes docs to a subset of our customer base. My take on the issue is that we are at a very low risk level except for the fact that the various browsers are slowly refusing to connect to the server so an upgrade to the server was mandatory and we're switching from self-generated ssl certs to 'real' certs from external CAs.

Thanks for the reply, it is very much appreciated.