Subject: here is a solution
Hi Ashish .
Here is your solution follow the step
Scenario:
You want to enable webmail (web access) to users mail files via the Internet by having them just type in (for example) webmail.mycompany.com
This address automatically redirects them to use HTTPS (SSL port 443) even if they explicity type http in their browser and once they enter that address they are prompted to enter a username and password and based on the username and passwrord they are automatically redirected to their appropriate mail file.
STEP 1:
If there is a firewall in between:
Allow port 443 to your notes server (if you want http access as well open port 80)
If the server is on the DMZ with replica’s of the internal mail files:
on the firewall do as above.
copy all of the users mail files to the DMZ server in the \data\mail folder.
STEP 2 (if using a DMZ server with replica’s):
Create replication documents and sepcify the \mail directory to be replicated between the notes and the DMZ server (on the firewall you must allow lotustcp communication between the internal server to the DMZ - only allow one way communication from Internal to the DMZ never from the DMZ to the Internal).
STEP 3:
SSL Setup:
Open up the certsrv.nsf (or create the db using the ntf file) and from the main menu click on the last option “Create Key Ring with Self-Certified Certificate”
enter the appropriate information (use the name of the certificate to be the same as your url other wise you might have some problems)
If you did this from your client COPY the selfcert.STH and selfcert.KYR files to the notes server \Data dir.
STEP 4:
Open the server document of that server and set the following:
go to Ports>Internet Ports:
SSL Settings:
selftcert.kyr, negotiated, no, yes
Web:
80, Redirect to SSL, No, Yes, No, 443, Enabled, No, Yes, No
got to Internet Protocols>Domino Web Engine
HTTP Sessions:
Single Server, 10, 10 (you can change the last two settings to your preference)
STEP 5:
from the server console tell http q then load http
You should see the http service start (hopefully without any errors if you did all the steps correctly).
STEP 6:
Now using the domcfg5.ntf file create an NSF file called domcfg.nsf
Now that this file exists in the data directory instead of getting the ugly yellow sign-on screen you’ll see something with a red stop sign and big gold key (looks slightly better) and can be modified to whatver you want using the domcfg.nsf db (search this forum for more information on custimizing the logon screen).
STEP 7:
Now, from the Sand box (on the notes.net site)search for webmail redirect and download the zip. Unzip and get the “WebAccessRedirect650.ntf” file, rename it to webmail.nsf and copy it to your server’s data folder.
Open the db from your client set up the server/client/and application. One important thing is under the server settings use DYNAMIC not fixed. Save and close when done.
STEP 8:
Open the servers server doc and go to Internet Protocols>HTTP
Home URL: /webmail.nsf
save and close
STEP 9:
from the servers console tell http q then load http
now from a web browser just type in your FQDN of the server
for example: webmail.mycompany.com
you should get prompted to Accept the SSL certificate (you will get prompted EVRERY TIME unless you install the certificate, using IE just click on the View Certificates button when prompted to accept the certificate and follow the wizard to Install Certificate, that way once it’s installed you will not be prompted again when using that web browser).
Once you accept/install the certificate you should see the URL as HTTPS now.
a logon screen should be there as well (with a red stop sign and a gold key).
enter your username and password (the password can be set in the Address Book of your person doc under the Internet Password field).
Based on your username and password the next screen you will see is a “Redirecting…” screen, after a few seconds you should be at the welcome page of your e-mail (hopefully you’re using iNotes60 template for you mail file).
Any further query related to SSL feel free to ask …
Vikalp