How to solve SSL Issues when using the Domino Synchronizer

Last update:
Created :
Written by Thomas Speekenbrink

Overview:

We officially do not support SSL, therefore it has to be disabled on the Domino server running the sync.

There are several options, depending on what is acceptable and possible.

How to:

Remove SSL entirely.

  • Open up the Server Document
  • Go to Ports >Internet ports tab
  • Make sure that SSL port status is set to Disabled
  • Save and close the Server document
  • Restart the HTTP task at the server console

Configure SSL so it’s bypassed when accessing the server with a specific DNS name:

  • PART 1: If both the Domino server and the SuperOffice connector are running on the same server we can accomplish this by using "localhost":
    • Create a new internet site documentin the domino directory for ‘localhost’ set to be available on the Sync-Domino server
    • Leave the option to redirect TCP traffic to SSL on this site document Disabled. This way non SSL traffic can only be used if the hostname "localhost" is used to connect to the server;
    • Set the homepage to the default domino homepage, so even if an external user manages to put an entry in their hosts file pointing to "localhost" at the external IP address they will not be asked to login over a non encrypted connection
    • Restart the HTTP task at the server console.

Create a new non-existing DNS name, to be specifically used by this sync connector:

  • PART B: Add a CNAME entry in your DNS server for example server.exampledomain.local to point at the correct Windows server (running the sync-Domino server)
  • Do the steps described in "PART A", replace localhost by exampleserver.exampledomain.local
  • Configure the exampleserver.exampledomain.local to be used by the SuperOffice connector