Enable server to server secure communications (optional)
By default, IBM Traveler uses regular TCP sockets for communication between the IBM Traveler server and the HTTP server, as well as for communications between the IBM Traveler servers within an HA pool.
It may be desirable to use secure sockets for this communication if the networking between the IBM Traveler servers is not isolated or secure. Note that requiring secure server to server communications will impact overall performance.
- To generate a self-signed certificate with an expiration date far in the future, use the
following
example:
<domino>\jvm\bin\keytool -genkey -v -alias "Traveler" -validity 9999 -keystore traveler.jks -storepass <password> -keypass <password>
Note: For IBM® i, the keytool is located at:/QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin
or/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/bin
It is recommended you use the same password for the
storepass
and thekeypass
. If the password parameters are omitted, the keytool will prompt for them. - Copy the
traveler.jks
that was just created to each server. A suggested location is<domino data>\traveler\cfg
. It is important for the servers to use the same certificate file, so the keytool command should not be run on each server. - Open a command prompt.
- Change the directory to
<domino data>\traveler\util
. - Run
travelerUtil
to configure IBM Traveler to use SSL:travelerUtil ssl set keystore=<domino data>\traveler\cfg\traveler.jks key=<password>
Specify the same password that was used for the
storepass
andkeypass
parameters with the keytool command.
After making these changes, both the Traveler task and the HTTP task must be restarted on the IBM Traveler Server. When the IBM Traveler server restarts, it will use SSL sockets to communicate with other IBM Traveler servers.
Repeat these steps for each IBM Traveler server in the pool. All the IBM Traveler servers in the pool must be configured the same way; otherwise, they will not be able to communicate with each other.