197 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
IBM Verse on Premises 1.0.2 available
Wed, Aug 30th 2017 4
IBM Webcast: JUMP Session: Domino Crash & Performance
Thu, Aug 24th 2017 4
Apache - Redirect based on IP tables
Thu, Aug 17th 2017 6
Sync database quotas between servers
Mon, Aug 14th 2017 4
IBM Connections 5.5 CR3 upgrade issue
Wed, Aug 9th 2017 5
IBM Connections Engagement Center V6.0
Tue, Jul 25th 2017 8
Performance problems on Apache Reverse Proxy
Fri, Jul 21st 2017 3
Top 10
IBM Connections 4.5 CR5 available
Tue, Aug 5th 2014 30
IBM Notes/Domino 9.0.1 Fix Pack 1 available
Wed, Apr 16th 2014 17
IBM Notes/Domino 9.0.1 Fixpack 3 available
Wed, Jan 21st 2015 13
Error "Overflow" in IBM Notes Standard Client
Wed, Mar 19th 2014 11
Resolve synchronisation issues after upgrade to IBM Notes Traveler 9.0.1.18
Tue, Jul 18th 2017 11
COMPACT -REPLICA CAUSE LOSS OF DATA IF USER MODIFY DURING COMPACT
Mon, Aug 8th 2016 10
IBM Notes/Domino 9.0.1 Feature Pack 8 Preliminary Release Notice
Fri, Jan 27th 2017 10
IBM Sametime: Updated security certificate for Push Notifications (iOS)
Fri, Jun 13th 2014 9
IBM Connections - Default settings for size limits
Thu, Oct 30th 2014 9
Generating a keyring file with a third party CA SHA-2 cert using OpenSSL and KYRTool on a Windows workstation
Mon, Jan 19th 2015 9


Moving Android devices from unsecure to secure communication with IBM Notes Traveler
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   


IBM released a very smart way to switch Android devices to HTTPS communication with IBM Notes Traveler servers:

http://www-01.ibm.com/support/docview.wss?uid=swg21993951&myns=swglotus&mynp=OCSSYRPW&mync=E&cm_sp=swglotus-_-OCSSYRPW-_-E

Problem

Your IBM Verse for Android applications connect to your on-premises IBM Traveler server using an unencrypted HTTP connection instead of an encrypted HTTPS connection. Since the IBM Traveler server can use unencrypted HTTP connections immediately without any additional setup, some installations may have skipped the HTTPS setup procedures prior to deploying Verse for Android to users. To ensure that all your communications are encrypted, first enable HTTPS either on your IBM Traveler server or on an edge proxy. Then ensure the IBM Verse for Android app begins using the encrypted connection without requiring any manual intervention from your users.



Resolving the problem
This feature requires the following components at the specified minimum version levels:
· IBM Traveler server, version 9.0.1.15 (or later)
· IBM Verse for Android app, version 9.5.0.0 (or later)

If all the IBM Verse for Android apps have not yet upgraded to the required minimum level prior to the completion of these steps, then it is recommended you keep HTTP port 80 enabled until you can ensure all apps have been upgraded. It is not required that all users upgrade at the same time.

1. Enable your IBM Traveler server to use HTTPS. Typically, this will be the Domino server that hosts your Traveler server, but it could also be an edge proxy. If this is a Domino server, Domino 9.0.1 fp5 or later is recommended. See the following for more information on this task:

http://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_settingupsslonadominoserver_t.html

Also reference the article Securing connections for IBM Traveler mobile applications for the latest updates on security requirements for IBM Traveler servers and mobile apps.

2. Update the "External Server URL" field on the Traveler server to change the current server URL to start with “https://” instead of "http://". This can be done either through the current configuration document, by updating notes.ini, or by using the domino console. For more information, see:

http://www.ibm.com/support/knowledgecenter/SSYRPW_9.0.1/settingtheexternalserverurlforappledevices.htm

3. Before forcing all IBM Verse for Android apps to use the new URL, test the HTTPS connection to ensure that it works properly. The first test is to ensure that the HTTPS port is working properly and routing to the IBM Traveler server. You can use a web browser to easily validate this. Open a browser page, connect to your Traveler Server External URL, and login using an ID. For example, if your Traveler server External URL is https://traveler.example.com/traveler, use a web browser to connect to that page and validate that you do not see any errors.

4. Test the setup with a few devices that are connected to your IBM Traveler server using the HTTP connection. To do this, issue these commands at the domino console:

    tell traveler policy setdevice tsExternalURLEnforced=1 <deviceId> <user>
    tell traveler push flagsadd serviceability configGet <deviceId> <user>


Where <deviceId> and <user> are the device ID and user you are testing.You can obtain the <deviceId> of a user that has previously connected to the Traveler server using the command:

tell traveler show <userid>

5. Sync the test devices to ensure that the sync is working properly. From within the Verse for Android app, open Settings > Server and validate that the field called Use Secure Protocol is checked.

NOTE: Ensure that everything syncs normally and shows as secure. If you push an incorrect server URL to the mobile app, the only way to recover is to remove and reinstall the Verse app on the device.

6. After you have verified that the External Server URL is correct and your migrated device can sync, set the IBM Traveler server to enforce this property for all devices by entering the following command into the Domino server console:

    set config NTS_EXTERNAL_URL_ENFORCED=true


This command migrates the rest of your IBM Verse for Android apps (that meet the minimum level) to use your secure server URL.

7. Restart the IBM Traveler server to have the settings take effect.

8. Once all your IBM Verse for Android apps have been updated, you can disable the HTTP port on your Domino server, assuming it is not required for other applications that are using the same server.


---------------------
http://brandlrainer.blogspot.com/2017/01/moving-android-devices-from-unsecure-to.html
Jan 09, 2017
6 hits



Recent Blog Posts
4
IBM Verse on Premises 1.0.2 available
Wed, Aug 30th 2017 8:51a   Rainer Brandl
IBM released the new version of IBM Verse on Premises including the following new features: Calendar Inbox Make better decisions when responding to calendar notices by viewing your calendar at the same time. The new Calendar Inbox organizes all your calendar notices in one convenient place. Preview attachments You can instantly view Microsoft™ Office, OpenOffice documents, and PDFs in Verse On-Premises. View documents, spreadsheets, and presentations in Microsoft Office binary formats such a
4
IBM Webcast: JUMP Session: Domino Crash & Performance
Thu, Aug 24th 2017 7:31a   Rainer Brandl
IBM arranges a webcast regarding Domino Crash & Performance issues: Abstract This session aims to differentiate crash from hang issues in Domino server and gathering of diagnostic data needed in troubleshooting. Join us for this interactive, educational, lively session. Topic: Domino Crash & Performance: Differentiating Crash vs Hang and How to collect Domino diagnostics data Date: Wednesday, August 30, 2017 Time: 11:00 AM EDT (15:00 UTC/GMT, UTC-4 hours) for 60 minutes Join the Web
6
Apache - Redirect based on IP tables
Thu, Aug 17th 2017 1:49p   Rainer Brandl
Some days ago I received the question of a customer, if it´s possible to use a Reverse Proxy to either redirect to an internal or an external server based on IP ranges. After some searches and help from Martin Leyrer ( thanks a lot for your suggestions ), I figured out the complete configuration file for this special customer. If you need some URL redirection/rewriting, feel free to use this code ( suggestions for better ways to accomplish this request are highly welcome ): ServerName serve
4
Sync database quotas between servers
Mon, Aug 14th 2017 9:19a   Rainer Brandl
Today I again had the issue, that Database Quotas have not been synced between IBM Domino Cluster servers. After some search, I found the following post: http://tippner.blogspot.co.at/2011/08/synchronizing-database-quotas.html I did some modifications in the code and ran the agent with the Server ID and scheduled the agent one time a day... So far it´s looking fine... You can download the database here: https://www.dropbox.com/s/9ebh3r0qh4hl6ft/sync_dbquotas.nsf?dl=0
5
IBM Connections 5.5 CR3 upgrade issue
Wed, Aug 9th 2017 10:39a   Rainer Brandl
Today I installed Connections 5.5 CR3 at customer site and followed the required steps here. I also followed the steps for creating the requested Dynacache for the Rich Text Editor: http://www-01.ibm.com/support/docview.wss?uid=swg22001580 As mentioned I created the Dynacache just for the RTE-Cluster and figured out, that this led to problems for all single cluster member. So I removed the setting for the RTE-Cluster and added it for the complete cell: After a restart of all cluster serve
8
IBM Connections Engagement Center V6.0
Tue, Jul 25th 2017 8:52a   Rainer Brandl
IBM announced the new IBM Connections Engagement Center V6.0 including the following functions: Increases employee engagement, communications, and collaboration by transforming the IBM Connections environment into a digital workplace hubProvides employees with personalized, easy access to content and resources, such as corporate news, relevant content, links to important resources, files, and events, with content drawn from Connections features already being used, such as blogs and wikis, as w
3
Performance problems on Apache Reverse Proxy
Fri, Jul 21st 2017 6:35a   Rainer Brandl
Yesterday I had massive performance troubles after going online with an Apache Reverse Proxy running on CentOS 6.9 for IBM Notes Traveler. The customer has about 1.250 users and approx. 1.650 devices. After some investigation and a great site, where the performance parameters are described very good: ( https://www.linode.com/docs/web-servers/apache-tips-and-tricks/tuning-your-apache-server ) I figured out, that the default configuration of the HTTP server was causing this issues, because the
11
Resolve synchronisation issues after upgrade to IBM Notes Traveler 9.0.1.18
Tue, Jul 18th 2017 6:37a   Rainer Brandl
IBM Notes Traveler 9.0.1.18 has the new feature to access the users mail server with the same rights as the user. But if you forget to add the IBM Notes Traveler server to the field "Trusted Servers" in the server document of the Mail Server, you receive the following errors: An exception occurred when opening database /user.nsf using user shortname CN=John Doe /O=IBM in order to retrieve changed documents. Exception information: Throw: TASK_PROFILE_OPEN_DB *** Content Adapter Exception *
3
Ephox Textbox.io 2.2 delivers the latest rich text editing capabilities for IBM Connections
Fri, Jun 30th 2017 7:39a   Rainer Brandl
Ephox Textbox.io 2.2 provides the latest rich text editing capabilities seamlessly integrated into IBM Connections™. Robust and reliable performance across browser platforms and devices sets Ephox Textbox.io apart from other editors. Ephox Textbox.io 2.2 is available for new users of Connections V5.5 and V6.0 as well as users who have active subscriptions. Features of TextBox.io 2.2 Rich content embedding when a URL is typed or pasted on a blank line. Links to rich content are replaced with
2
"Inbox empty"
Wed, May 10th 2017 1:36p   Rainer Brandl
Today I received a call from a customer where the inbox did not display any content at some users - but only in the Notes client, not in iNotes !! After some investigations I remembered, that I had this issue some months ago and found the following IBM technote: http://www-01.ibm.com/support/docview.wss?uid=swg21965120 So if you create a folder with and the first character of the folder is a space, this folder is displayed instead of the inbox and it seems, that the inbox is empty.




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition