Enable server to server secure communications (optional)
By default, HCL Traveler uses regular TCP sockets for communication between the HCL Traveler server and the HTTP server, as well as for communications between the HCL Traveler servers within an HA pool.
It may be desirable to use secure sockets for this communication if the networking between the HCL Traveler servers is not isolated or secure. Note that requiring secure server to server communications will impact overall performance.
- To generate a self-signed certificate with an expiration date far in the future, use the
following
example:
<domino>\jvm\bin\keytool -genkey -v -alias "Traveler" -validity 9999 -keystore traveler.jks -storepass <password> -keypass <password>
Note: For IBM® i, the keytool is located at:/QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin
or/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/bin
It is recommended you use the same password for the
storepass
and thekeypass
. If the password parameters are omitted, the keytool will prompt for them. - Copy the
traveler.jks
that was just created to each server. A suggested location is<domino data>\traveler\cfg
. It is important for the servers to use the same certificate file, so the keytool command should not be run on each server. - Open a command prompt.
- Change the directory to
<domino data>\traveler\util
. - Run
travelerUtil
to configure HCL Traveler to use SSL:travelerUtil ssl set keystore=<domino data>\traveler\cfg\traveler.jks key=<password>
Specify the same password that was used for the
storepass
andkeypass
parameters with the keytool command.
After making these changes, both the Traveler task and the HTTP task must be restarted on the HCL Traveler Server. When the HCL Traveler server restarts, it will use SSL sockets to communicate with other HCL Traveler servers.
Repeat these steps for each HCL Traveler server in the pool. All the HCL Traveler servers in the pool must be configured the same way; otherwise, they will not be able to communicate with each other.