APPENDIX C USING HARDWARE CRYPTOGRAPHY WITH DOMINO FOR SYSTEM I


Domino Setup
NOTES.INI Variables

The following are the NOTES.INI variables that can be set for using System SSL. The variables that have ‘Y’ under the Required? column must be set in order to use System SSL.
NOTES.INI variable nameRequired?Description
SYSTEM_SSL_HTTP=1YTells Domino to use the System SSL API instead of SSLPlus for HTTP
SYSTEM_SSL_APPLICATION_ID=MYSERVERYThe Application ID created in DCM for this Domino server
SYSTEM_SSL_TIMEOUT=30000NThe number of seconds until the SSL V3.0 session identifier expires. The range is 0-86400 (1 day) seconds. System SSL will remember SSL V3.0 session identifiers for up to this amount of time. By remembering these SSL V3.0 session identifiers, the amount of data exchanged during the SSL handshake can be reduced for peer applications where a complete initial handshake has already been performed. The default is 30000 seconds (8 hours).

Domino SSL Setup

Now you can set up SSL on the Domino server just as you normally would following the instructions in the Domino Help database. There is nothing specific to System SSL that you need to do. Once you set up SSL on Domino, you should have a Domino key file and stash file.

Note The Domino key and stash SSL files, used by protocols other than HTTP, are different from the i5/OS system key files used in the example above. Whenever Domino asks for a key file or stash file name, always provide the Domino key or stash file names.

Additional Notes