Expired Ssl Certificates; Switch From Https To Http - Tandberg Data TANDBERG IBM LOTUS NOTES-DOMINO V 11.3 - INSTALLATION AND QUICK GUIDE 2010 Integration Manual

2. Check that the connection to your Domino Server is presented there, and if not, create it by
clicking the Add connection button.
3. Open the server connection (whether previously existing or created at step 2) and verify that the
Use the port(s) parameter is set to TCP/IP.

Expired SSL certificates

If you have enabled HTTPS communication as described in the Enable secure communication
(Optional) chapter of this document, and the SSL certificate has expired, users will receive decline
notices saying:
―Cannot establish SSL connection to TMS server. Underlying reason: Certificate expired. Please
contact your system administrator.‖
To install a new SSL certificate to IIS and Domino, follow the steps below. For information on how to
create SSL certificates, see the Enable secure communication (Optional) chapter.
1. Open IIS Manager.
2. Right click on the TMS site and select Properties.
3. Select Directory Security, and select the Server certificate in the Secure communications
section.
4. In the pop-up wizard, click Next, and Assign an existing certificate.
5. Select the appropriate certificate from the Available Certificates list, click Next to see information
about the certificate, and click Next again to complete the installation.
6. Click Windows Start > Run... and type certmgr.msc to run Certificates Manager.
7. Expand Trusted Root Certification Authorities, right click Certificates and choose All Tasks >
Import.
8. When the wizard displays, click Next, and then point to the new certificate's .cer file.
9. Click Next and verify that the certificate will be stored in Trusted Root Certification Authorities,
and click Next and Finish to complete the import.
10. Copy the file to the Domino server, for example c:\certificates\tmscertificate.cer.
11. Log in to the Domino server.
12. Open a command prompt on the Domino server.
13. Change directory to <Domino directory>\jvm\lib\security.
14. Import the certificate by using the following command
..\..\bin\keytool.exe -import -trustcacerts -keystore cacerts -alias
<myname> -file <location of certificate file>\tmscertificate.cer.
Give the certificate a proper alias (for example TMS_server_certificate). Default java keystore
password is changeit.
15. Restart the Domino server.

Switch from HTTPS to HTTP:

1. Open IIS Manager, right click on the site containing the TMS applications and select Properties.
2. On the Web Site tab, set the field IP address to (All Unassigned).
3. Select the Directory Security tab, and click Edit in the Secure communications section.
4. Select the Require secure channel (SSL) checkbox and in the Client certificates section select
Ignore client certificates.
5. Click OK twice and restart IIS.
6. Open TMS Admin in Video Conference Resources Reservation database and set the HTTPS
radio button to No.
TANDBERG IBM Lotus Notes/Domino v 11.3 - Installation & getting started guide
APPENDIX C - Troubleshooting
Page 45 of 49