Domino server rating from F to A+ in seconds

Posted by:

Requirements:
Server running 9.0.1 FP4 and up

Background:
Running SSL Labs test on https://www.ssllabs.com/ssltest/index.html
Gives You low rating

Mission:
Increase rating

Step1:
Gather OCSP information
Goto Site and View certificate

Go to Intermediate certificate next to Your own and View Certificate

Go to Details and Authority Information and under Alternative name write down the URL.
In our case it is https://ocsp.starfield.com/

Step2:
Update notes.ini from console with the following, remember to replace the value of OCSP_RESPONDER with Your value from Step1.!!

set config DISABLE_SSLV3=1
set config HTTP_HSTS_MAX_AGE=17280000
set config HTTP_HSTS_INCLUDE_SUBDOMAINS=1
set config SSL_ENABLE_OCSP_STAPLING=1
set config OCSP_RESPONDER=https://ocsp.starfield.com/
set config OCSP_CLOCKSKEW=10
set config OCSP_LOGLEVEL=31
set config SSLCipherSpec=C030009FC02F009EC028006BC0140039C0270067C013

In Release 10 the last notes.ini SSLCipherSpec is not respected it must be set in Internet Sites\Security

a. Is most secure

b. If You have with a. You can use this and get a good rating anyway

Step3:
Restart HTTP task with following command:
restart task http

Now You can test Your server again and everything should be running fine

0

Nyheter i Domino 10, Domino 11 och lite om Connections

Posted by:

Sista veckan i februari höll HCL öppet hus i Milano och pratade om vad de planerar att göra med IBM Collaboration produkterna, som de håller på att köpa från IBM. Precis innan det var det IBM Think 2019 i San Francisco, där också en hel del nytt presenterades för framförallt Domino. Beträffande själva köpet så vet vi inte så mycket mer än att allt tyder på att det verkar bli av och att HCL tänker ge Domino en nystart.

 

Några spännande grejor som ser ut att komma med Domino 11 under Q4 2019.

 

  1. Domino som Elastic Search provider. Elastic Search kommer äntligen att kunna ersätta Dominos fulltextindex, som i mina ögon överlevt sig själv med många år. För att inte störa bakåtkompabiliteten kan Elastic aktiveras applikation för applikation.

 

  1. HTTP-autentisering mot ID Vault vilket bl.a. förenklar lösenordshantering. ID Vault blir i allt bättre med APIer etc., vilket i sig fått Dominos katalog att fungera lite mer som t.ex. Active Directory. som t.ex. inte haft Dominos problem med t.ex dubbla lösenord och klientberoenden.

 

  1. Apropå Active Directory så kommer också en helt ny AD synk.

 

  1. Ny installerare – InstallAnywhere 2018 ersätter InstallShield som gick ur tiden för länge sedan

 

  1. Domino Publisher – Snärtigare eventhanterare för både publicering- och prenumerationer knutna till databasevents och document events.

 

To be continued…. Jag skall försöka uppdatera den här posten efterhand som mer information släpps från HCL och IBM

 

Nya Domino 10 funktioner som redan släppts eller släpps efterhand

 

  1. En app (Domino Mobile Apps, kodnamn Nomad) som kör traditionella Notes-applikationer direkt från Ipads sluttestas just nu och efter den kommer även Nomad för iPhone, Android och ChromeOS. Apple versionerna av Nomad verkar distribueras via Apples B2B app store. Infoware har testat Nomad med gott resultat och vi följer utvecklingen.

 

  1. Notes-applikationsstöd som WebAssembly komponent. Nomad är också byggd för att kunna kompileras enligt WebAssembly-standarden. WebAssembly är en ny standard för att köra binärer på webb oavsett webbläsare. Web browser pluginen verkar alltså komma tillbaka, men betydligt tunnare och mer standardbaserad än tidigare. Tillsammans med ID-Vault för både Notes och http så kan det nog bli riktigt smidigt att köra både webb- och traditionella Notes applikationer från både webbläsare och mobiler https://en.wikipedia.org/wiki/WebAssembly

 

  1. Domino Query Language

 

DQL – Domino Query Language släpptes i december 2018 med Domino 10.0.1. DQL är ett nytt blixtsnabbt sätt/API/Språk för att hämta data från Domino. Om jag förstått det rätt så kommer DQL t.ex. att kunna ersätta t.ex. sök och NoteCollections i Domino applikationer.

 

  1. Domino Query Language Explorer är en Notes databas byggd för att testa DQL och få frågorna översatta till java, lotusscript eller javascript.

https://www.youtube.com/watch?v=rJNqjfML9-I

Presentationen är 11 minuter. Riktigt snyggt.

 

  1. Domino AppDev Pack 1.0 har släpptes tillsammans med Domino 10.0.1 och nu siktar HCL på att följa upp det med en ny release varje kvartal. Målet med Domino AppDev pack är att möjliggöra modernare Domino utveckling baserat på Node.js, javascript tillsammans med Domino Query Language.

 

Connections framtid, vad händer där?

HCL verkar satsa lika hårt här, även om planerna inte verkar lika klara som för Domino. Några saker har dock sipprat ut

  1. Release-tempot ökas upp till ett nytt Feature pack per kvartal och paketen utlovas att innehålla mer nytt. Senast nu under Q1 släpptes IC6 CR4 med bland annat en funktion för att dela enskilda filer externt m.h.a. direktlänkar som sedan inte kräver inloggning. Den funktionen har iallafall jag längtat efter. Infoware släpper förresten DomainPatrol Social support för IC6 CR4 nu i dagarna.
  2. IBM Connections kund-Jams för att samla input framåt är igång nu i stil med HCLs Jams inför Domino 10 och senast Domino 11

 

Länkar till mina viktigaste källor

 

Bra sammanfattning om IBM Collaboration på IBM Think nu under februari 2019

https://domino.elfworld.org/this-is-what-happened-at-ibm-think-2019/

 

Bra sammanfattning från HCLs konferens i Milano nu sista veckan i februari 2019

https://www.c3ug.ca/c3ug-blog/2019/3/1/hcl-factory-tour-episode-2-a-new-base-a-new-hope-a-new-beginning

_______________________________________________________________________________________________

Picture copyright and cudos belongs to colleague and photographer Tony Andersson

https://500px.com/tonyandersson

 

 

 

 

 

0

Summer is coming, but relax, Infoware can take care of your IBM platform while you are away

Posted by:

Are you scratching your head thinking of who will take care of your IBM platform during the summer vacation period? Planning for the summer can be stressful, especially as you want to give your staff the vacation they need but also maintain a high quality in service acound your IBM platform.

Be calm! Infoware offers you rescue and control. All summer long!

Infoware's team of experienced IBM experts is your service every day.

Many organizatiosn have troubles on how to solve their staffing during the summer. We offer you experts who for example knows IBM Domino and IBM Connections inside and out. During the period, we assist you with monitoring and incident management, for example urgent operational problems.

We start our collaboration with a brief workshop where our experienced advisers learns your specific environment. Then we establish checklists and procedures necessary for you to feel completely confident that everything worksas it should.

We offer you the service levels (SLA) where we specifies availability, incident management and opening hours.

Your personal contact at Infoware has a whole team that knows your environment. Our service is offered on a weekly basis between June and September 2017.

Do you want to relax in the sun chair and not have your phone at arm's length all summer long?

Contact us today!

 

0

Official announcement from IBM – Extending support for Notes/Domino 9.0.1 to 2021

Posted by:

IBM announcent today that they will extend their support for IBM Notes/Domino 9.0.1 to September 2021. There has been some discussion in the community about Notes/Domino and IBMs future plan for the platform. What we know for a fact now is that Notes/Domino will be around to at least 2021. We also know that the IBM Domino Server is a core part of IBM Verse (and Verse on-prem is soon to be released) and that IBM is adding new functionality to the platform, like the possibility to use MS Outlook as your email client with IBM Domino Server as the backend. We also know that IBM will release Fix Pack 7 (FP7) for IBM Notes/Domino 9.0.1 in September 2017 which is a scheduled maintenance release, containing several bug fixes and some new features.

traveler connections ibm_notes_9_icon sametime9

Will there be a IBM Notes/Domino 9.0.2 or maybe a 9.1.0? Or will IBM Verse take over as the platform name, only time will tell…

So what about todays announcement, that is IBM telling us? Well support for version 9 of IBM Notes, IBM Domino, IBM Notes Traveler, and IBM Enterprise Integrator are extended to September 2021. Support for the following associated entitlements is also extended to September 2021:

  • IBM Sametime® V9.0 Limited Use
  • IBM Domino Designer V9.0.1
  • IBM Mobile Connect V6.1.5
  • IBM Domino Global Workbench V9.0.1

IBM is also adding entitlement to your Notes/Domino license to use some IBM Connections 5.5 features. The features we are talking about is the Files and Profiles features.

  • The Files feature helps users easily share content with other people and removes the need to send large files through email
  • The Profiles feature helps users find the people they need by searching across the organization

 

Link: IBM Notes and Domino V9.0.1 extends support and enhances its collaboration toolset with social capabilities from IBM Connections V5.5

As you know you can always contact us if you have any questions about this 🙂 

 

0

Revisit: Wildcard SSL certificate from P12/PFX file into Domino

Posted by:

The objective of this article is to provide an example on how to  do this with hopefully no discussions and no questions unanswered. Of course this example is based on a particular situation with a special certificate provider but can hopefully be translated to any other situation with other certificate authorities.
Wrote an earlier article, this is an update

Contents
1. Assumptions
2. What do I need
3. OpenSSL
4. Kyrtool
5. Syntax
6. Example
7. Implement the files on the server
8. Check out if it works
9. Important note
10. Conclusion

Assumptions:
Running Windows 64 bits (directory separator = \)
PFX file contains both certificate, intermediate and root certificates 
Domino server running 9.0.1 FP3

What do I need:
1. An exported P12/PFX file from in my case IIS, containing the wildcard certificate private key as well as the certification path to it.

2. OpenSSL:
Homepage: https://www.openssl.org/source/
Easy precompiled: https://slproweb.com/products/Win32OpenSSL.html
The one I used: https://slproweb.com/download/Win64OpenSSL-1_0_2g.exe

3. Kyrtool:
Fixcentral short: https://ibm.co/1SAYX5E
Fixcentral long: https://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ELotus&product=ibm/Lotus/Lotus+Domino&release=9.0.1.2&platform=All&function=fixId&fixids=KYRTool_9x_ClientServer&includeSupersedes=0

Syntax:
<ossldir> = Where you installed OpenSSL eg. C:\OpenSSL-Win64
<pfxdir> = Where you have placed your pfxfile
<pfxfile> = Name of your pfxfile eg. wildcard_acme_com.pfx
<pfxpassword> = Password to your pfxfile
<pemdir> = Where you have placed your pfxfile
<pemfile> = Name of your pfxfile eg. wildcard_acme_com.pem
<notespgmdir> = Notes or Domino program directory, minimum 9.0.1 FP3
(assumes that notes program directory is in your path, if not execute from program directory)
<kyrdir> = Directory where you want to put your kyrfile
<kyrfile> = Name of your kyrfile eg. wildcard_acme_com.kyr
<kyrpassword> = Password to your kyrfile

Check your pfx file:
<ossldir>\bin\openssl pkcs12 -info -in <pfxdir>\<pfxfile>
use <pfxpassword> when asked (nothing on PEM)

In general:
1. <ossldir>\bin\openssl pkcs12 -in <pfxdir>\<pfxfile> -out <pemdir>\<pemfile> -nodes -chain
use <pfxpassword> when asked (nothing on PEM)
2. <notespgmdir>\kyrtool create -k <kyrdir>\<kyrfile> -p <kyrpassword>
3. <notespgmdir>\kyrtool import all -k <kyrdir>\<kyrfile> -i <pemdir>\<pemfile>
Check in general:
1. <notespgmdir>\kyrtool show certs -k <kyrdir>\<kyrfile> >kyrcerts.txt
2. <notespgmdir>\kyrtool show keys -k <kyrdir>\<kyrfile> >kyrkeys.txt
3. <notespgmdir>\kyrtool show roots -k <kyrdir>\<kyrfile> >kyrroots.txt

Example:
1. C:\OpenSSL-Win64\bin\openssl pkcs12 -in C:\mypfxfiles\wildcard_acme_com.pfx -out C:\mypemfiles\wildcard_acme_com.pem -nodes -chain
use <pfxpassword> when asked
2. C:\IBM\Lotus\Domino\kyrtool create -k C:\mykyrfiles\wildcard_acme_com.kyr -p password
3. C:\IBM\Lotus\Domino\kyrtool import all -k C:\mykyrfiles\wildcard_acme_com.kyr -i C:\mypemfiles\wildcard_acme_com.pem
Check sample:

1. C:\IBM\Lotus\Domino\kyrtool show certs -k C:\mykyrfiles\wildcard_acme_com.kyr >wildcard_acme_com_kyrcerts.txt
2. C:\IBM\Lotus\Domino\kyrtool show keys -k C:\mykyrfiles\wildcard_acme_com.kyr >wildcard_acme_com_kyrkeys.txt
3. C:\IBM\Lotus\Domino\kyrtool show roots -k C:\mykyrfiles\wildcard_acme_com.kyr >wildcard_acme_com_kyrroots.txt

Implement the files on the server
1. Copy kyr file and the associated sth file to the server
2. Add the kyrfile name to your internet sites document or server document depending how your server is configured
3. Modify the cipher part
4. Make sure the SSL port is enabled in the Internet Ports.. section
5. Restart your http task on the server, use sh ta onl and check that http listens to both 80 and 443

Check out if it works
1. Use your browser and connect to your server via https
2. Look at your certificate information
3. Congratulations

Important note:
Following this means that especially the pem file is unprotected, therefore make sure that keep it in a safe place during this and maybe deleting it afterwards. Same goes for kyrfile (you can not delete them but keep them as safe as you can) as they contain private key.

Conclusion
Doing this task is not more complicated than any other task that involves certificates using any other platform.

Link to this document: https://stage.infoware.com/?p=7226

 

2

Report from the booth at IBM ConnectED 2015

Posted by:

I know you're all dying to hear what went on at IBM ConnectED so here is my take!

We flew down on Thursday before Connected to have some time to prepare and to meet-up with customers and friends. Our hotel was not Disney this time and it felt somewhat strange, but also positive. As always, American hotel rooms are so large that Mats Ekman said that we could easily fit all 10 of us in the same room if needed.

Friday and Saturday flew by with shopping, sightseeing, meetings and preparations for the upcoming conference week. We enjoyed large American breakfasts with everything included, a good steak dinner, a delicious lobster dinner, numerous pizza slices, pool time, lots of good discussions, and most of all the ever shining Florida sun. We all concluded that this was going to be a great week!

On Saturday night we hosted our annual Infoware Collaboration Reception at Texas de Brazil. The event is a perfect way to start off the conference and to welcome customers and resellers from all over the world. This time for the 10th year in a row! We had a fabulous evening with friends, good food, lovely desserts, laughter and fun. We are also happy that we can connect our customers with each other in a steadily growing network. It always feels very good to welcome everybody to us.

And Sunday! A day of sessions and booth preparations. 7 of us are here to focus on covering all the session tracks and to gather knowledge about all the latest from IBM and other business partners. So they were off to different kind of sessions. Me, on the other hand, Daniel Svanström and Fredrik Söderquist, were busy in our booth in TechnOasis getting everything ready for the evening’s Welcome Reception. We checked our demo environments, the leads scanner and of course our t-shirts!

Every year our t-shirts make a bit of a buzz among the visitors, and also this year! The word is spreading. "Aaww, you guys have the coolest t-shirt!". "I want one of those!" and so on. Some visitors dress up wearing our shirts and our message is visible here and there. Our kick ass ninja warrior that guards all our customer’s environments and also let’s everybody know that we offer the best solutions for every IBM customer!

Infoware is exhibitors and sponsors of IBM ConnectED for the 10th time in a row! That’s something! Infoware is a true blue IBM Premier Business Partner, and has social business as one of our main areas. This year we focus wholeheartedly to promote DomainPatrol Social, our administrating tool for IBM Connections.

Luckily we got ready in time, since the TechnOasis filled up to the brim at precisely 18:30! We realized quite soon that the rumors we heard were right. The organizers had expected around 1,500 attendees, but at least 1,000 more has registered. Excellent news! This resulted in a packed TechnOasis, and also a more intimate feel of the whole conference. The atmosphere was full of expectations and everybody had happy faces.

So the reception! Refreshments were served and it was busy in the booth right away! Our well-oiled machinery chugged off and we did demo after demo. We talked about our new release, social business and a new way to work according to Infoware etc. We noticed immediately that almost every visitor were using IBM Connections one way or another. A positive trend! And of course good for us, since our tool cover the needs of an organization using IBM Connections.

We worked hard! And after opening in the TechnOasis, the Welcome Reception continued outside on the Swan Lake terrace with food, drinks and DJs who played far too modern music according to Mats Feretti. 🙂

The next day after breakfast: OGS! Exciting! What would happen? How will this conference turn out? It was big expectations in the air and good music was playing when all the people were gathered. Jeff Schick opened with a bang. Talked about taking on Google and Dropbox. About the collaboration with Apple. Go IBM! Scott Probes did a live demo IBM Verse! Very cool. Scott smiled like a kid on Christmas Eve on stage. And we smiled with him! The whole concept of IBM Verse is "A New Way to Work". IBM Verse will work for you, and not vice versa. The mail has jumped to the next step and is now a tool to sort, categorize and prioritize all the information flowing over you on a normal working day. He also showed cool Watson features. The look of Verse is totally fabulous and I for one cannot wait until I can try and use it! Then Luiz Benitez showed us the new Connections interface which seamlessly waves into Verse in a very nice way.

The week went on in similar fashion. Three whole more days in the booth with non-stop networking and connecting with new and new friends. We decided that every member of our booth crew needs to have the same amount of tattoos as Fredrik. Well, we’ll see about that.

We caught up with our resellers that attended the conference too. Very good to show them our new release of our product and talk business, but also just to spend time together over a beer or two.

I also took the opportunity to meet my friends from Social Connections! Both Lars Samuelsson, Brian O’Neill, Jan Waldman and new friend Doug Morrison. All happy faces!

Notes/Domino turns 25 this year, which raised some attention during the week. Small happenings popped up here and there at the conference to celebrate the youngster. For example bubbly champagne, cakes, and not to forget temporary tattoos handed out by Matt Newman. We all got branded!

The evenings was of course a great deal of fun too! Every night we had something to look forward to. One small disappointing thing though was that there was no theme park booked for the ConnectED Party this year. I who, love roller coasters over than many, many other things had to settle for some drinks and food at the Dolphin Hotel instead. Although, there WAS indeed a very short ConnectED Party, with food and drinks in the Atlantic Hall at Dolphin. After we had eaten, we thought it was time to start the party! We went up on the huge empty dance floor and started dancing, and soon the dance floor filled up with others. 🙂 It’s always like this!

The week went on and soon it was Wednesday, and time for the Closing Session. Somewhat tired we went into the darkness of the session room to hear IBM say thank you and goodbye for a fantastic conference week! And we agree.

Last night with the gang. The week has been long and full of hard work, rest = zero, so we decide to do something simple and just for us at Infoware. A short trip down to Downtown Disney and a burger at the House of Blues. Great place with the music scene and American good food. We had a long table where we could take a break and rest and have a good time together. When the clock was 0:00, I was at home in the room, received a glass of whiskey from a colleague and started packing my bags. #yawn

Then it was over .. the end? 🙁 The feeling when we close the booth and say goodbye to all our friends and acquaintances cannot be described. I strolled by the Dolphin fountain and listened to its noise one last time and then went out waiting taxi to take us to the hotel. For several months I have breathed #ibmconnected with all the planning and hard work. And now it's over? Impossible. But there is also joy. An incredibly joy that has spread among us throughout the week. The buzz to have scooped a number of leads, talking to "everyone", said hello to "everyone". The IBM ConnectEd Community is not like others. It’s magical and captivating. And once you have walked over the bridge between Swan and Dolphin, you know you want to do it again and again and again. Because the reward for all the hours you invested is amazing!

0