Eventhough NSFDB2 is virtually dead...

... someone still keep downloading my presentation from DominoPoint Day 2 . Amazing!

P.S.
And Elvis and MJ are still alive too ;-)

Steve Jobs effective style

Updates on consuming Web Services over HTTPS

Following the post I made some time ago, Alessandro sent me an update about his own tests: Alessandro, thanks for sharing it with us .

*****
Hi, after a lot of testing, a lot of reading IBM documentation and a lot of sleepless nights on the matter described in my post above, I come to do some tests  on the Portlet Factory (it retrieved the WSDL without problems after putting the certificate in the /lib/securitycacert file) and I got a hunch: "Does the domino client have a cacert file in his JVM?"

This morning I looked into the JVM directory and I found it in \CLIENTDIR\jvm\lib\security, so, using the ikeyman.exe program in \CLIENTDIR\jvm\bin I added the certificate (in binary format) to the repository and I tried to import the WSDL in my database: I was required to accept the cross certification and after that it was imported: a piece of cake!

Please not that I'was trying to import a WSDL to obtain Lotus Script Code (NOT JAVA)!

Well, I think that this is a little bug in the client architecture because this it happens only with certificate that are issued by a NOT TRUSTED authority (with a trusted authority it works as documented (with the cross-certification only)). I think that when the certificate is not trusted something goes wrong in the code and it looks for it in the cacerts too and, obviously, it cannot find the certificate... so it raises an error!

I hope that this can be useful!

Alessandro Bignami
Domino developer at ZEL S.r.L.

Consuming Web Services over a self-certified HTTPS web server

Every now and then I take a look to Web Service implementation in Domino Designer, especially since  Designer allows us to develop Web Service Providers using LotusScript or Java.

I don't know if Web Services are or will be successfully, but for sure I like the big picture surrounding them.

Some times ago I tried to consume a Web Service from Jajah voip company: first I tried using LS, but later I had to use Java to overcome LS limitations about name length limits.

Unfortunately even with Java I found problems because the Web Service had to be consumed over a SSL channel (HTTPS) but the remote web server certificate was a self-certified one, so my script simply crashed because the certificate was not trustable... I could not find an easy way to trust/import the that web server certificate.

I gave up with it and decided to use MS Soap client via COM object in a LS agent, successfully. Shame... ;-)

Today I tried for the first time to have a look back to the subject, so on VMware box I installed a brand-new Domino 8.5.1 server with a running self-certified web server certificate.
After that, I published a "calculator" Web Service with just a SUM() function available, just using a LS class.

On the "client" side, I used Designer 8.5.1 to consume that "remote" web service:

1. I created a Web Service consumer choosing Java as programming language and specifying the remote WSDL file via a HTTPS url
2. I also created a Java agent and imported the previous Java classes generated by the Web Service Consumer procedure, just to run a remote SUM function
   

When I tried step 1 to retrieve the WSDL file of the remote web server, I was surprised to see a pop-up window asking me to cross-certify the Internet certificate!

Of course I accepted to cross-certify it and run the client Java agent to consume the remote Web Service via https. I worked!

Ok, I decided to have a look inside the local names.nsf, inside the Certificates view and I could find the following entry:

Well, I decided to remove the certificate and run my Web Service consumer again: as expected, I got the following error on my Designer Java console:

WebServiceEngineFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
 faultSubcode:
 faultString: Error connecting to 'ced75temp.ciemme.loc' on port '443', SSL invalid certificate, may need to cross-certify.
 faultActor:
 faultNode:
 faultDetail:

Error connecting to 'ced75temp.ciemme.loc' on port '443', SSL invalid certificate, may need to cross-certify.
    at lotus.domino.axis.InternalFault.makeFault(Unknown Source)
    at lotus.domino.axis.transport.http.HTTPSender.invoke(Unknown Source) .......

Well, I decided to make another test:

• I removed the certificate from the local names.nsf
  
• I run the wizard to import the Web Service WSDL file and try to force the Designer to show (once again) the Internet cross-certificate pop-up window

No way, the pop-up window did not show again and the Java agent did not run successfully!

So, how to "manually" cross-certifiy an Internet certificate?

After some googling I find out the IBM following page and followed instructions from paragraph "From an Internet server": finally I could successfully  run my client Java agent consuming the remote Web Service.

Follow what I did in the following screen shots
:

 

 

 

Have fun and let me know if it's working for you too.

Free music from IBM

I answered a IBM questionnaire and I received a free song from iTunes for my iPhone.
That's nice.

When a Lotus Administrator ID expires....

...Gregg saves your day!
SnTT - Administrator ID Has Expired

Thanks Gregg.

Speeding up Firefox browser

It was useful for me (so far), take a look to this add-on:
Vacuum Places Improved

I also took a look to the add-on comment stating to enable "compact databases" option for Firefox  inside the CCleaner utility.