Domino server rating from F to A+ in seconds

Posted by:

Requirements:
Server running 9.0.1 FP4 and up

Background:
Running SSL Labs test on https://www.ssllabs.com/ssltest/index.html
Gives You low rating

Mission:
Increase rating

Step1:
Gather OCSP information
Goto Site and View certificate

Go to Intermediate certificate next to Your own and View Certificate

Go to Details and Authority Information and under Alternative name write down the URL.
In our case it is https://ocsp.starfield.com/

Step2:
Update notes.ini from console with the following, remember to replace the value of OCSP_RESPONDER with Your value from Step1.!!

set config DISABLE_SSLV3=1
set config HTTP_HSTS_MAX_AGE=17280000
set config HTTP_HSTS_INCLUDE_SUBDOMAINS=1
set config SSL_ENABLE_OCSP_STAPLING=1
set config OCSP_RESPONDER=https://ocsp.starfield.com/
set config OCSP_CLOCKSKEW=10
set config OCSP_LOGLEVEL=31
set config SSLCipherSpec=C030009FC02F009EC028006BC0140039C0270067C013

In Release 10 the last notes.ini SSLCipherSpec is not respected it must be set in Internet Sites\Security

a. Is most secure

b. If You have with a. You can use this and get a good rating anyway

Step3:
Restart HTTP task with following command:
restart task http

Now You can test Your server again and everything should be running fine

0

Add a Comment