Setting up the Web Navigator to retrieve pages on sites secured by TLS

For users to access Web sites that are secured by TLS, you must set up the Web Navigator to retrieve pages on these sites. The Web Navigator server does not need to use TLS in order to retrieve pages from a Web site that uses TLS.

About this task

To set up the Web Navigator server for TLS, do the following:

  • Store the Web site's TLS certificate in the Domino® Directory on the Web Navigator server.
  • Enable the HTTPS protocol on the Web Navigator server as an Internet service.

The Web Navigator supports sites that have TLS certificates issued by the RSA Certificate Authority (CA), so you do not need to obtain the Web site's TLS certificate if it was issued by the RSA CA. If the Web site does not have a certificate issued by the RSA CA, you must obtain the Web site's certificate and add it to the Domino® Directory on the Web Navigator server. Obtaining the certificate from a secure location ensures that the certificate you receive is valid and creates an optimally secure environment by allowing access only to servers with which you share a valid certificate.

Although not recommended, you can set up Web Navigator to add the Web site's TLS certificate automatically to the Domino® Directory. Set up this way, the Web Navigator allows users to access pages on any Web site that uses TLS, even if the Domino® Directory does not already contain the certificate. This approach allows easy access for users, but compromises the security of the data sent by users, since the server does not verify the identity of the remote server before allowing the user to access it.

To add specific certificates

Procedure

  1. Identify the certificate required by the secured Web site by browsing to the site and obtaining the certificate name.
  2. Use a Notes® workstation to obtain a trusted root certificate and merge the certificate for the CA into the Domino® Directory.
  3. On the Server Tasks > Web Retriever tab of the Server document, select HTTPS for the Services field.

To add certificates automatically

Procedure

  1. From the Domino® Administrator, click the Configuration tab, and then open the Server document for the Web Navigator server.
  2. Click the Ports > Internet Ports tab and choose Yes for the Accept TLS site certificates field
  3. Click the Server Tasks > Web Retriever tab, and choose HTTPS for the Services field, and then save the document:

What to do next

You can view the certificates from the Domino® Administrator. Click the Configuration tab, and choose Miscellaneous > Certificates. Certificates display in the Internet Cross Certificates category.