java, https, lotus-notes, self-signed

lotus notes ssl certificate self signed client no trusted certificate java


I'm currently building a .NET webapi service that is supposed to be used by IBM Notes. The connection in the final product is supposed to be a call from a Domino server to the webapi using a Java agent over HTTPS.

Up until now I've been using HTTP communication between the two, easy enough.

But now I wanted to move to HTTPS instead, so I created a self-signed certificate and inserted it into IIS using a guide from Jayway.com from Elizabeth Andrews.

After some tweaking I got it working and my self-signed certificate is trusted by the OS.

The cert is:

SHA512 RSA2048bit

I found this "guide" on how to insert the certificate into the cacerts store in Notes: http://www-01.ibm.com/support/docview.wss?uid=swg21588966 Although I am working on the client and this guide is for the server, I assumed the JVM would work the same on both.

After this I tried a simple HTTPS call inside a Java agent in the fashion shown here: http://www-10.lotus.com/ldd/ddwiki.nsf/dx/Connecting_to_a_Domino_server_over_SSL_in_Java_using_a_self_signed_certificate._

Now my problem is that the code works when run as a Java project, but when running the code as a Notes agent I get this exception:

javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: No trusted certificate found

If there is anyone who would like to nudge me in the right direction, I would be very grateful.


Solution

  • Your Domino server has a directory called names.nsf in which it stores (inter alia) the credentials it trusts. This natively includes the root certificates of the major certificate vendors such as Verisign & co.

    Two options here:

      - go pro and buy a certificate from a well-known vendor
      - or import your own self-signed certificate in the Domino repository.
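
To check which trust store a given JVM consults and whether an exported copy of the self-signed certificate is in it, here is an added example (not code from the original post or the linked IBM articles). It assumes the standard JSSE trust store lookup order and the stock `changeit` password; the class name `TrustStoreCheck` and the certificate file argument are hypothetical.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class TrustStoreCheck {
    // Hex SHA-256 fingerprint of the certificate's DER encoding.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Standard JSSE lookup order: system property, then jssecacerts, then cacerts.
    static String trustStorePath() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return prop;
        String dir = System.getProperty("java.home") + File.separator + "lib" + File.separator + "security";
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse.getPath() : new File(dir, "cacerts").getPath();
    }

    // certFile: exported server certificate (PEM or DER). Returns its alias, or null if untrusted.
    static String report(String certFile) throws Exception {
        String path = trustStorePath();
        // "changeit" is the stock cacerts password; assumed unless the property overrides it.
        String pass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream ks = new FileInputStream(path);
        try { store.load(ks, pass.toCharArray()); } finally { ks.close(); }
        InputStream in = new FileInputStream(certFile);
        X509Certificate cert;
        try { cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in); } finally { in.close(); }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + path + " (" + store.size() + " entries)");
        System.out.println("sha256      = " + fingerprint(cert));
        return store.getCertificateAlias(cert);
    }

    public static void main(String[] args) throws Exception {
        String alias = report(args[0]);
        System.out.println(alias != null ? "trusted under alias: " + alias : "NOT in this JVM's trust store");
    }
}
```

Run it once with the JVM used for the standalone Java project and once with the JVM that Notes uses; if the `java.home` values differ, the two runs are reading different trust stores.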