SSL Issue

hcl-bot · May 16, 2017, 12:43pm

Hello Everyone.

I am trying to set up Traveler on a 9.0.1 Server. I am using an SSL Keyring generated via the Domino CA.

When I try to connect to the Server over SSL, I get blocked by Chrome with the following :

Your connection is not private

Attackers might be trying to steal your information from mail.acme.com (for example, passwords, messages or credit cards).NET::ERR_CERT_INVALID

I cannot get any further.

If I go into Firefox, I get a similar warning, add an exception and am allowed in.

I am running Domino 9.0.1 FP7

What is the best way to resolve this ?

Many thanks

hcl-bot · May 16, 2017, 12:51pm

Subject: Install your CA’s root cert into Chrome’s trusted store

I believe that the mechanism to do this varies based on platform; a web search should find the correct documentation for your OS.

hcl-bot · May 16, 2017, 4:54pm

Subject: A local CA will probably not work

Chrome now strictly enforces what Firefox still warns about. This means a valid SSL certificate issued by a recognized provider.

hcl-bot · May 17, 2017, 1:26am

Subject: Letsencrypt

You can get a free SSL cert using Letsencrypt. Here’s a link to adding it to your Domino SSL keyring:

https://xomino.com/2016/02/18/adding-your-lets-encrypt-ssl-certificate-into-your-domino-keyring-file/ https://xomino.com/2016/02/18/adding-your-lets-encrypt-ssl-certificate-into-your-domino-keyring-file/

I looked at going down this path but opted for a reverse proxy (for both iNotes and Traveler) using Apache + Letsencrypt SSL cert as it’s easier to manage due to the cert only lasting 90 days.

hcl-bot · May 16, 2017, 1:34pm

Subject: SSL Issue

That will not help setting up Verse on Android phones.

It also won’t help should i wish to use a Chrome browser on machines other than my own.

Is there a solution other than buying an SSL cert?