Installing and configuring

To install and configure HCL Verse™ on a Domino® mail server, complete the following steps.

Before you begin

Make sure that your Domino server meets the system requirements.
Note: As of release 1.0.8, VOPDesign.nsf has been removed from the kit. Ensure your user's mail files are on the mail template from Domino 9.0.1 FP9 or later.
For information about the benefits and requirements of a high-availability (HA) Verse deployment that leverages a proxy to distribute requests across Domino servers, see the article Configuring a Proxy for HCL Verse High Availability on the Support site. This article includes a case study using a F5 BIG-IP LTM virtual appliance as the proxy technology and LTPA based Domino authentication for SSO.

Procedure

Enable HCL iNotes on the Domino® server. Make sure that you run the HTTP server task and that you configure iNotes® settings. See the topic Configuring iNotes in the Domino documentation..
Register users as iNotes® users. See the topic Registering iNotes users in the Domino documentation.
To ensure that international characters are displayed correctly, configure the Web server to use UTF-8 for output:
1. In the Domino® Directory, open the Server document in edit mode.
2. Click the Internet Protocols tab and then the Domino Web Engine tab.
3. In the Character Set section for Use UTF-8 for output, select Yes.
Or, if you use a Web Site document, see the topic Specifying the character set to use when retrieving Web pages in the Domino documentation.
Create full-text indexes on mail files, if they don't already have them. For information, see the topic Full-text indexes for single databases in the Domino documentation.
Configure the following notes.ini settings on the Domino® server:
```
HTTPJVMMaxHeapSize=2048M
HTTPJVMMaxHeapSizeSet=1
```
If the settings don't exist, add them. If they exist, make sure that they have these values.
Enable SSL on the Domino® server. Verse™ requires HTTPS and a valid certificate. Follow the instructions Generating a keyring file with a third party CA SHA-2 cert using OpenSSL and KYRTool on a Windows™ workstation in this article on the HCL Customer Support site.
Note:
- If you are using a proxy server in front of the Domino server, it is the proxy server that needs to support HTTPS and have a valid certificate.
- Make sure the SSL key file name field matches the file name that you created. For more information see the description of the Key Ring File Name field in the topic Creating a server key ring file in the Domino documentation.
- Domino 11 ships a version of KYRTool. For other versions of Domino, you can get a version of the tool from here on the HCL Support site.
Make sure the SSL port status is enabled. For more information, see the topic Modifying Web server Internet port and protocol settings in the Domino documentation.
Make sure that you configure the ID vault on the Domino® server and that you assign Verse users to the vault. An ID vault is required so users can read and send signed or encrypted messages. For information, see the topic Notes ID vault in the Domino documentation.f

Note: In the ID vault tab of the Security Settings document that you use to assign users to the vault, select the option Allow Notes-based programs to use the Notes ID vault.
Make sure that users have valid Internet addresses in their Domino® directory Person documents:
1. Open the Person document.
2. On the Basics tab, verify that the Internet Address field contains a valid address for example, sdaryn@renovations.com.
Extract the files from the Verse™ package. The package contains the following files:
```
HCL_Verse_On_Premises.zip
iwaredir.ntf
readme.zip
```
Stop the Domino Web server. From the server console, enter:
```
tell http quit
```
If a previous version of Verse™ is installed, delete the existing Verse™ jar files from one of the following directories, depending on how product was installed:
```
<Domino program directory>/osgi/shared/eclipse/plugins
```
or
```
<Domino data directory>/domino/workspace/applications/eclipse/plugins 
```
Use the wildcard syntax "*-1.0.*-0.0-*.jar", core-1.0.*.*.jar and servlet-1.0.*.*.jar to ensure that only the Verse jar files are removed.
Extract the contents of the HCL_Verse_On_Premises.zip file to the following directory:
<Domino data directory>/domino/workspace/applications

<Domino data directory> is typically:
HCL\Domino\Data (Windows)
/local/notesdata (Linux)
Note: Extract with the directory structure intact. After extraction, the Verse .jar files should be in the following directory:
```
<Domino data directory>/domino/workspace/applications/eclipse/plugins 
```
Note: As of Verse 1.0.6, there are just four .jar files, fewer than in previous versions.
Copy iwaredir.ntf to the Domino data directory.
If there isn't a redirector database, create one using the iwaredir.ntf template that you copied to the data directory. For more information, see Using iNotes® Redirect to access mail in iNotes® in the Domino documentation. Otherwise, replace the design of the existing redirector database using the new iwaredir.ntf template that you copied to the data directory:

Note: This version of the redirector template includes translations for English, Chinese (China), Chinese (Taiwan), French, German, Italian, Japanese, Korean, Portuguese (Brazil), and Spanish.
1. From HCL Notes®, open the redirector database on the server. The default file name is iwaredir.nsf.
2. Click File > Application > Replace Design.
3. Select the new iwaredir.ntf template that you copied to the data directory.
4. Click Replace and click Yes.
On the redirector database UI Setup page, select options to enable users to log on to Verse:
If you use Domino to authenticate:
- Enable Personal Options? No
- Enable Login Options? Yes
- Enable HCL Verse? Yes
If you use SAML to authenticate:
- Enable Personal Options? No
- Enable SAML Options? Yes
- Select Default Mail Application Verse
Note: The option Enable HCL Verse? is not applicable for SAML authentication.
Set your server's home URL to either /verse or /iwaredir.nsf?open. For more information, see the topic Configuring HTML, CGI, icon, and Java files for Web Site documents in the Domino documentation.
If you are upgrading from the previous release, simply start the Domino Web server. From the server console, enter:
```
load http
```
If you are setting up Domino for the first time, you may need to stop and restart the server:
```
restart server
```
If there is not a credential store application on the server, run the following commands at the Domino® console to create one. The first command creates a document encryption key to be used for authentication that is called credstore. The second command creates the application credstore.nsf to store the encryption key.
```
keymgmt create nek credstore
keymgmt create credstore credstore
```
If the mail servers are in a cluster, complete the following steps to configure the credential store on each additional server:
1. From the server console of the server on which you created credstore.nsf, enter the following command to export the encryption key to a file in the Domino data directory:
```
KEYMGMT export nek credstore <keyname>.key <password>
```
  For example:
```
KEYMGMT export nek credstore NameVerseKey.key Password
```
2. Copy the key file to the data directory of each Domino cluster member.
3. From the server console of each Domino cluster member, enter the following command to import the encryption key:
```
KEYMGMT import nek <keyname>.key <password>
```
  For example:
```
KEYMGMT import nek NameVerseKey.key Password
```
  You see this response:
```
NEK credstore - Fingerprint XXXX XXXX XXXX XXXX XXXX XXXX
NEK credstore imported successfully
```
4. Create a replica of credstore.nsf from the initial server to all Domino cluster members.
To confirm that Verse™ works, have a user with a mail file on the server complete these steps:
1. From a browser, go to https://domino_hostname/verse.
2. Log in.
3. Verify that you see the Verse user interface.