Using IBM HTTP Server with Lotus iNotes

Roberto Chiabra
Certified Lotus IT Specialist/Lotus Advisory IT Specialist

2006 IBM Corporation

Sample Case
Checklist of sample configuration
Configure a Domino Self-signed certificate for SSL
Enable the SSO using LTPA Token
Creation of iNotes Redirect database
Enable of support of plug-in in Lotus Domino(notes.ini)
Configuration of IHS
All users have access to Lotus iNotes

Lotus iNotes
(Intranet Access)

HTTPS protocol

IHS + WAS Plugin

HTTPS protocol (optional)
HTTPS protocol

Lotus iNotes
(Internet Access)
Lotus Domino

DMZ Trusted Domain

IBM HTTP Server(IHS) 6.1 + WebSphere Plugin

Dedicate IP Address
Fully Qualified hostname
Apply Fixpacks to IHS and Plugin
Enable IHS Secure HTTP Port (SSL) using Self-signed Certificate
Lotus Domino Software
Dedicate IP Address
Fully Qualified hostname
iNotes Redirect database
LTPA Token (if internet domain is different)
Enable Domino Secure HTTP Port (SSL) using Self-signed Certificate
In Domino server notes.ini, add "HTTPEnableConnectorHeaders=1"
Checklist of sample configuration

Parameters Value Comment

Intranet hostname Lotus Domino Server

Intranet IP Address IP interno

Internet hostname IBM HTTP Server

Internet IP Address IP de DMZ

Configure a Domino Self-signed certificate for SSL

Create a Self-Signed Certificate

Open the Server Certificate Admin database
Create key ring with Self-certified certificate
Common name: Use the fully qualified hostname
Organization: I recommend use the same name of Certificate
Enable Domino SSL Port
In the Server Document Tab Ports Internet Ports W eb
Change the SSL key file name with the name of the new key ring
Change the SSL port status to enable
Sample of creation of Self-Signed Certificate

Sample of configuration of SSL in Lotus Domino

Enable SSO using LTPA Token

Create a W eb SSO Document

Configuration Name: Add the name of the LTPA Token
Sample: LtpaToken
Organization: I recommend use the same name of Certificate
DNS Domain: Group | Lotus software
Domino Server Names: Add the domino server
Enable in the Domino W eb Engine configuration, the session
authentication using Multiple Servers(SSO)
Sample of Web SSO Configuration

Creation of Lotus iNotes Redirect database

Create a Lotus iNotes redirect database

Configure the profile using
Type of redirect: Dynamic
Enable SSL options

Sample of Configuration of Redirect database

Enable support for plug-in in Lotus Domino

Edit the notes.ini for Domino Server

Add the line
Restart the Domino Server

Testing access to Lotus Domino using SSL

Configuration of IHS
Configure the Plugin-xml file
Create a ServerCluster entry for the communication with Lotus
Domino using HTTP/HTTPS
Create a UriGroup entry for the valid URLs for Lotus iNotes
Enable IHS secure HTTP port
the httpd.conf file | Lotus software
Enable SSL in the Plugin-xml file
Add Domino Certificate(SSL) into Plugin key database
Using IE access to Lotus Domino using HTTPS
Install the certificate into IE
Export the certificate into a file
Import into Plugin key database
Sample of Plug-in.xml

Sample of Plug-in.xml

Sample of httpd.conf

Plug-in module and configuration

LoadModule was_ap20_module "C:\IBM\HTTPServer\Plugins\bin\mod_was_ap20_http.dll"

WebSpherePluginConfig "C:\IBM\HTTPServer\Plugins\config\webserver1\plugin-cfg.xml"

SSL Configuration for IHS

LoadModule ibm_ssl_module modules/

<VirtualHost *:443>





Keyfile "C:\IBM\HTTPServer\conf\webserverkey.kdb"

SSLStashFile "C:\IBM\HTTPServer\conf\webserverkey.sth"
Import Domino Self-Signed Certificate into IE

Export Domino Self-Signed Certificate into a file

Import Domino Self-Signed Certificate into Plug-in kdb

Check the resolution of hostnames (use ping command)

Don't forget modified the notes.ini to support the plugin
Test the communication between IHS and Domino using HTTP
before enable SSL
Be careful when edit the httpd.conf and plug-in.xml. Always save
a backup copy

