SSL working but not as expected

Hi All,

Scenario: I want users to access their email through a browser over SSL.

I have set up SSL correctly, I hope so…

When the user types the URL, say https://www.hclonline.com, we get the security alert page; if we press Yes, we get the IBM default web page, with a background and some links to Lotus Notes, Designer and Domino.

And when we access the server via https://www.hclonline.com/mail/user.nsf we get the security alert, then press Yes, then we get a prompt for user name and password, and then the user can access mail over SSL.

What I was expecting was that when we type https://www.hclonline.com it should directly prompt for user and password.

Please guide me on what I am missing. If I am able to resolve it, it will be a great achievement for me, as I have been working on this for the past 3 months and this is the first time I have come so close. So please help me out...

Vikalp

Subject: SSL working but not as expected

Try this: http://sametime.lauder.ac.uk/help/help7_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/8943cef571045030852570610054c2a7?OpenDocument

Regards,

Litty Joseph

Subject: RE: SSL working but not as expected

Hi Litty,

Thanks for the response. Well, prior to the SSL implementation I had iNotes implemented, in which I used web direct and domcfg for a customized login page, which was working fine.

For SSL I used the same setup but it's not working.

Which area should I look into now?

Vikalp

Subject: RE: SSL working but not as expected

Not sure how you set up SSL. If it’s through an Internet Site document in the Domino Directory, then there is an option to specify the default URL.

Domino Directory → Configuration → Web → Internet Sites → Web site → Configuration → Default Mapping Rules → Home URL

Regards

Litty Joseph

Subject: RE: SSL working but not as expected

Hi Litty,

Thanks for the prompt response.

I have followed the following steps, which were posted in one of the threads in this forum. Here are the steps:

Scenario:

You want to enable webmail (web access) to users' mail files via the Internet by having them just type in (for example) webmail.mycompany.com

This address automatically redirects them to use HTTPS (SSL port 443) even if they explicitly type http in their browser, and once they enter that address they are prompted to enter a username and password, and based on the username and password they are automatically redirected to their appropriate mail file.

STEP 1:


If there is a firewall in between:

Allow port 443 to your Notes server (if you want http access as well, open port 80).

If the server is on the DMZ with replicas of the internal mail files:

On the firewall, do as above.

Copy all of the users' mail files to the DMZ server in the \data\mail folder.

STEP 2 (if using a DMZ server with replicas):


Create replication documents and specify the \mail directory to be replicated between the Notes and the DMZ server (on the firewall you must allow lotustcp communication between the internal server and the DMZ - only allow one-way communication from Internal to the DMZ, never from the DMZ to the Internal).

STEP 3:


SSL Setup:

Open up the certsrv.nsf (or create the db using the ntf file) and from the main menu click on the last option “Create Key Ring with Self-Certified Certificate”.

Enter the appropriate information (use the name of the certificate to be the same as your URL, otherwise you might have some problems).

If you did this from your client, COPY the selfcert.STH and selfcert.KYR files to the Notes server \Data dir.

STEP 4:


Open the server document of that server and set the following:

go to Ports>Internet Ports:

SSL Settings:

selftcert.kyr, negotiated, no, yes

Web:

80, Redirect to SSL, No, Yes, No, 443, Enabled, No, Yes, No

go to Internet Protocols>Domino Web Engine

HTTP Sessions:

Single Server, 10, 10 (you can change the last two settings to your preference)

STEP 5:


from the server console tell http q then load http

You should see the http service start (hopefully without any errors if you did all the steps correctly).

STEP 6:


Now, using the domcfg5.ntf file, create an NSF file called domcfg.nsf

Now that this file exists in the data directory, instead of getting the ugly yellow sign-on screen you’ll see something with a red stop sign and big gold key (looks slightly better), and it can be modified to whatever you want using the domcfg.nsf db (search this forum for more information on customizing the logon screen).

STEP 7:


Now, from the Sandbox (on the notes.net site) search for webmail redirect and download the zip. Unzip and get the “WebAccessRedirect650.ntf” file, rename it to webmail.nsf and copy it to your server’s data folder.

Open the db from your client and set up the server/client/and application. One important thing is, under the server settings, use DYNAMIC, not fixed. Save and close when done.

STEP 8:


Open the servers server doc and go to Internet Protocols>HTTP

Home URL: /webmail.nsf

save and close

STEP 9:


from the servers console tell http q then load http

now from a web browser just type in your FQDN of the server

for example: webmail.mycompany.com

you should get prompted to accept the SSL certificate (you will get prompted EVERY TIME unless you install the certificate; using IE, just click on the View Certificates button when prompted to accept the certificate and follow the wizard to Install Certificate, that way once it’s installed you will not be prompted again when using that web browser).

Once you accept/install the certificate you should see the URL as HTTPS now.

a logon screen should be there as well (with a red stop sign and a gold key).

enter your username and password (the password can be set in the Address Book of your person doc under the Internet Password field).

Based on your username and password, the next screen you will see is a “Redirecting…” screen; after a few seconds you should be at the welcome page of your e-mail (hopefully you’re using the iNotes60 template for your mail file).

=========================

I am able to access iNotes using web direct and domcfg; they are not working for SSL.

Vikalp
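The behaviour the steps above are meant to produce (port 80 redirects to HTTPS, and the root URL ends at a login prompt rather than a page anyone can read) can be checked from recorded response chains. This is an added example, not part of the original post; `classify_chain`, the tuple layout, the form field names and the sample chains are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
PASSWORD_FIELD = re.compile(r'<input[^>]*type=["\']?password', re.I)

def classify_chain(hops):
    """hops: ordered (url, status, location, body) tuples for one browser request.
    Returns a verdict describing what the user ends up seeing."""
    seen_https = False
    for url, status, location, _body in hops[:-1]:
        seen_https = seen_https or urlsplit(url).scheme == "https"
        if status not in REDIRECTS or not location:
            return "broken-redirect"
        # Once on HTTPS, an absolute redirect back to http:// leaks the session.
        if seen_https and urlsplit(location).scheme == "http":
            return "downgrade-to-http"
    url, status, _location, body = hops[-1]
    if urlsplit(url).scheme != "https":
        return "served-over-http"
    if status == 401:
        return "basic-auth-prompt"
    if status == 200 and PASSWORD_FIELD.search(body):
        return "login-form"
    if status == 200:
        return "anonymous-content"
    return "unexpected-status-%d" % status

HOST = "webmail.mycompany.com"  # example name used in the post
# Constructed chains, not captured from a real server.
EXPECTED = [
    ("http://%s/" % HOST, 302, "https://%s/" % HOST, ""),
    ("https://%s/" % HOST, 302, "/webmail.nsf", ""),
    ("https://%s/webmail.nsf" % HOST, 200, None,
     '<form method="post"><input name="Username">'
     '<input name="Password" type="password"></form>'),
]
OBSERVED = [
    ("https://%s/" % HOST, 200, None,
     "<html><body>Default server home page with product links</body></html>"),
]
NO_REDIRECT = [("http://%s/" % HOST, 200, None, "<html>home</html>")]

if __name__ == "__main__":
    for name, chain in (("expected", EXPECTED), ("observed", OBSERVED),
                        ("no redirect", NO_REDIRECT)):
        print(name, "->", classify_chain(chain))
```

A verdict of `anonymous-content` for the root URL corresponds to the symptom reported in this thread: the page behind `/` is served without any authentication challenge.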

Subject: RE: SSL working but not as expected

What happens if the full URL of user’s mail box is typed into browser window where user authentication has already taken place over HTTPS/SSL?

In the steps above, home URL is specified for HTTP. I am not sure if that will be applicable for HTTPS too. But I would tend to think so.

Subject: RE: SSL working but not as expected

Hi Litty,

When we type the user URL for mail access, say

https://www.hclonline.com/mail/user.nsf, first of all

a security alert window pops up, we press Yes, then it asks for user name and password, and we press OK.

Then the user sees his mailbox, and if we check the URL at that moment it displays

https://

It means SSL is working, but not in the way I desired.

Waiting for your response.

Vikalp

Subject: RE: SSL working but not as expected

Are you saying that this security alert that pops up is what is not expected? If so, what exactly does the security alert say?

I’m guessing you used your own CA or a self signed cert, and the browser doesn’t trust it by default.

Subject: RE: SSL working but not as expected

Hi Erik,

The pop-up for the security alert is not an issue. What I want is that the user should get the prompt for user name and password when they enter the URL, say www.hclonline.com.

Please guide me on what I should do in my present SSL setup.

Vikalp