Notes / Domino by Russell Maher 

Tika Troubles – Indexing Attachments  

By Russell Maher | 10/28/19, 1:51 AM | Infrastructure - Notes / Domino | Added by John Oldenburger

Seems to me like the first rule of software development runs something like “Don’t screw up things that have been working just fine for decades” but today we have this. Domino 10.01 FP 3. If we try to FT index any database and index attachments using conversion filters we get this.

Be aware of automatic Domino HSTS Settings  

By Russell Maher | 4/29/16, 8:52 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

As part of our normal review of such things I ran an SSL Labs test on our sites only to discover that we now had double header entries in our responses for Strict-Transport-Security.

Fix for More TLS POODLE Troubles  

By Russell Maher | 2/1/15, 11:13 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

If you're running IHS in front of your Domino servers you'll probably want to apply this setting to prevent against the latest POODLE attack which now also affects TLS (the last time we did this it only affected SSLv3). Edit your Domino.conf file and add these lines inside your SSL configuration.

Got PNG? You may get problems.  

By Russell Maher | 11/17/14, 7:51 AM | Infrastructure - Notes / Domino | Added by Johnny Oldenburger

Last Spring I was configuring the Web Application Firewall in front of our Domino XPages application and discovered a rather annoying little Domino "feature." It seems that Domino likes to send PNG files down the wire while indicating that those files are JPEG files. The issue is that the image might not display at all depending on your network and security setup.

Domino SSL Fixes Coming: "Dis is good!"  

By Russell Maher | 10/21/14, 2:38 PM | Infrastructure - Notes / Domino | Added by Oliver Busse

As Nicolas Cages tells Cher in Moonstruck when he's eating the steak she cooked for him... "'Dis is good." IBM released two technotes today regarding SSL and Domino. I do wish this would have happened sooner but I can tell you from a lot of life experience that "late" is truly better than "never." Domino peeps will be able to support TLS 1.0 and disable SSLv3 support (to protect themselves from POODLE without a proxy server) AND support for SHA2 SSL/TLS certificates is also coming. If you want to get to TLS1.2, you'll still need to proxy your Domino server but this is still a very good, very welcome announcement!

Setting Up TLS (SSL) for IBM HTTP Server with Domino 9 - Part 2  

By Russell Maher | 5/31/13, 1:49 AM | Infrastructure - Notes / Domino | Added by Per Henrik Lausten

In Part 1 I showed you how to use IKeyMan to set up your SSL keys database. Now in Part 2 we will configure IHS to actually use your keys and to use TLS (SSL).

Setting Up TLS (SSL) for IBM HTTP Server with Domino 9 - Part 1  

By Russell Maher | 5/31/13, 1:49 AM | Infrastructure - Notes / Domino | Added by Per Henrik Lausten

In the last post I went through the steps to install and set up the IBM HTTP Server with Domino 9. In this and the following post we'll go through the steps to enable TLS (SSL) which really is the reason to use the IBM HTTP Server with Domino in the first place.

Setting Up The IBM HTTP Server with Domino 9  

By Russell Maher | 5/30/13, 2:03 AM | Infrastructure - Notes / Domino | Added by Per Henrik Lausten

The IBM HTTP Server 8.5 is included with Domino 9 and you can use it as your HTTP server instead of the Domino HTTP server if you wish. This post describes the steps required to get it running.

Check Your SSL  

By Russell Maher | 10/16/12, 11:39 AM | Infrastructure - Notes / Domino | Added by Per Henrik Lausten

As luck would have it, I happen to have a blog post almost ready to go on SSL so now seems like a good time to post it. First, you should be aware that if you are using an SSL key smaller than 1024 bytes, you may find people are not going to be able to access your site using Internet Explorer. Second, what I really wanted to post about is a nifty little tool to test the SSL on your site.