Content FeedSolution to issue with Connections 2.0 SSL and IE7
I've been struggling with a strange problem with Lotus Connections 2.0 (well WAS6.1 really), SSL and IE7.
The customer I'm working with is using self-signed SSL certificates as part of a Connections 2.0 pilot install. Using the process documented in the Infocenter, plus Jon Mell's excellent install guide, this SSL config works fine with Firefox. However, with IE7 (which is their default browser), even importing the SSL cert into the browser still gave a "There is a problem with this website's security certificate" error, pointing to a certificate issued by "WebSphere Plugin Key" to "WebSphere Plugin Key". No matter what I did using the Integrated Solution Console (the new way of managing SSL with WAS6.1) I could not get rid of the error, even re-importing the self-signed cert into the plugin-key.kdb file.
However, after a lot of testing, this seems to be the way to get round this. Make a backup copy of the plugin-key.kdb file on the Connections server. Start the iKeyman utility (in \ibm\websphere\appserver\bin). Open the plugin-key.kdb file (in \HTTPServer\Plugins\config\webserver1 usually), the password is usually WebAS. In Personal Certificates, you will see a cert labelled "Websphere Plugin Key". If this is the only key in Personal Certificates, this is your problem. To resolve, click "New Self-Signed", label the new cert "Self-signed Plugin cert" or similar, ensure the hostname is correct, mark it as the default certificate and click OK. Close the key database file. Stop and restart the HTTP server.
IE7 will still prompt for the self-signed certificate, but this can be saved and installed into the browser so that it does not prompt in future. The Websphere Plugin Key will no longer cause the error.
Hope this helps someone ;-)
The customer I'm working with is using self-signed SSL certificates as part of a Connections 2.0 pilot install. Using the process documented in the Infocenter, plus Jon Mell's excellent install guide, this SSL config works fine with Firefox. However, with IE7 (which is their default browser), even importing the SSL cert into the browser still gave a "There is a problem with this website's security certificate" error, pointing to a certificate issued by "WebSphere Plugin Key" to "WebSphere Plugin Key". No matter what I did using the Integrated Solution Console (the new way of managing SSL with WAS6.1) I could not get rid of the error, even re-importing the self-signed cert into the plugin-key.kdb file.
However, after a lot of testing, this seems to be the way to get round this. Make a backup copy of the plugin-key.kdb file on the Connections server. Start the iKeyman utility (in \ibm\websphere\appserver\bin). Open the plugin-key.kdb file (in \HTTPServer\Plugins\config\webserver1 usually), the password is usually WebAS. In Personal Certificates, you will see a cert labelled "Websphere Plugin Key". If this is the only key in Personal Certificates, this is your problem. To resolve, click "New Self-Signed", label the new cert "Self-signed Plugin cert" or similar, ensure the hostname is correct, mark it as the default certificate and click OK. Close the key database file. Stop and restart the HTTP server.
IE7 will still prompt for the self-signed certificate, but this can be saved and installed into the browser so that it does not prompt in future. The Websphere Plugin Key will no longer cause the error.
Hope this helps someone ;-)