This is a two part question. I will link to the first question at the bottom because they are related, but I have given it it’s own thread.
Our Traveler server is currently running ND9.01.FP2HF384, Traveler version 9.0.1.0 Build 201411031536. (I know I’m behind a few releases)
Right now we do not use SSL. (no lectures please)
I’m looking to upgrade to the latest version of Domino (9.0.1.4) and the lastest version of Traveler (9.0.1.7) but because the iOS Verse client requires SSL, it’s probably time we installed it on the server.
What are the ramifications to doing this with devices out there that connect using http?
Is there any way to push out the change to the devices or are they going to have to remove the installed Android client and reinstall? What about the iOS devices?
Subject: Are you going to redirect HTTP traffic to HTTPS ?
As long as HTTP remain available then your existing device should still be able to connect (also assuming no change to existing traveler FQDN). However you should plan on gradually having them re-configured to connect using HTTPS. You do know how to generate TLS certificate for your key ring, right ?
Oh, if someone suddenly upgrade their device to IOS 9 then they would need to re-configure Traveler to use HTTPS since Traveler would not work in iOS9 unless you have TLS setup on your traveler server.
IOS9 requires that you have purchased an SHA-2 SSL certificate from a third party CA, so to my knowledge you cannot use a Domino self signed SHA-2 certificate
In relation to setting up SSL/TLS for Traveler the certificate request needs to created using OpenSSL and keyring created using the new Domino kyrtool. the keyring is then installed on your Traveler server. Please see the following Wiki document in relation to this topic.
Please note if you Google Domino SSL, you will be directed to older technotes which advise using the Server certificate Admin database. These technotes are out of date as the Server certificate admin database cannot create or manage SHA-2 certificates.
I would suggest you open a PMR with the Domino support for assistance in relation to this task if you have never set up SSL before.
There are a number of users who have already upgraded their devices. The current version of traveler is working although some have discovered calendar entries are missing, which is why my other thread is asking about upgrading.
And I don’t know ifI’d be redirecting http to https.
I don’t know anything about SSL or TLS, hence the question.
I have setup some days ago a fresh installed Traveler 9.0.1.7 on a fresh installed Domino 9.0.1 FP4 behind a reverse proxy (on port 1237, so https://sub.domain.com:1237/traveler) with a self signed certificate and have tested the connection to an iPhone 5 with iOS9. Everything works like expected, no issues with the certificate.
The only problem is, that I can´t connect via IBM Verse because this needs a valid SSL certificate.
So my question is regarding SSL. Is it enough that the reverse proxy get´s a valid SSL certificate and the domino still runs on port 80? Does anyone know this?