Domino server rating from F to A+ in seconds

Requirements:
Server running 9.0.1 FP4 and up

Background:
Running SSL Labs test on https://www.ssllabs.com/ssltest/index.html
Gives You low rating

Mission:
Increase rating

Step1:
Gather OCSP information
Goto Site and View certificate

Go to Intermediate certificate next to Your own and View Certificate

Go to Details and Authority Information and under Alternative name write down the URL.
In our case it is http://ocsp.starfield.com/

Step2:
Update notes.ini from console with the following, remember to replace the value of OCSP_RESPONDER with Your value from Step1.!!

set config DISABLE_SSLV3=1
set config HTTP_HSTS_MAX_AGE=17280000
set config HTTP_HSTS_INCLUDE_SUBDOMAINS=1
set config SSL_ENABLE_OCSP_STAPLING=1
set config OCSP_RESPONDER=http://ocsp.starfield.com/
set config OCSP_CLOCKSKEW=10
set config OCSP_LOGLEVEL=31
set config SSLCipherSpec=C030009FC02F009EC028006BC0140039C0270067C013

Step3:
Restart HTTP task with following command:
restart task http

Now You can test Your server again and everything should be running fine

Revisit: Wildcard SSL certificate from P12/PFX file into Domino

Original document is here: http://www.infoware.eu/?p=7226
The objective of this article is to provide an example on how to  do this with hopefully no discussions and no questions unanswered. Of course this example is based on a particular situation with a special certificate provider but can hopefully be translated to any other situation with other certificate authorities.
Wrote an earlier article, this is an update

Contents
1. Assumptions
2. What do I need
3. OpenSSL
4. Kyrtool
5. Syntax
6. Example
7. Implement the files on the server
8. Check out if it works
9. Important note
10. Conclusion

Assumptions:
Running Windows 64 bits (directory separator = \)
PFX file contains both certificate, intermediate and root certificates
Domino server running 9.0.1 FP3

What do I need:
1. An exported P12/PFX file from in my case IIS, containing the wildcard certificate private key as well as the certification path to it.

2. OpenSSL:
Homepage: https://www.openssl.org/source/
Easy precompiled: https://slproweb.com/products/Win32OpenSSL.html
The one I used: http://slproweb.com/download/Win64OpenSSL-1_0_2g.exe

3. Kyrtool:
Fixcentral short: http://ibm.co/1SAYX5E
Fixcentral long: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ELotus&product=ibm/Lotus/Lotus+Domino&release=9.0.1.2&platform=All&function=fixId&fixids=KYRTool_9x_ClientServer&includeSupersedes=0

Syntax:
<ossldir> = Where you installed OpenSSL eg. C:\OpenSSL-Win64
<pfxdir> = Where you have placed your pfxfile
<pfxfile> = Name of your pfxfile eg. wildcard_acme_com.pfx
<pfxpassword> = Password to your pfxfile
<pemdir> = Where you have placed your pfxfile
<pemfile> = Name of your pfxfile eg. wildcard_acme_com.pem
<notespgmdir> = Notes or Domino program directory, minimum 9.0.1 FP3
(assumes that notes program directory is in your path, if not execute from program directory)
<kyrdir> = Directory where you want to put your kyrfile
<kyrfile> = Name of your kyrfile eg. wildcard_acme_com.kyr
<kyrpassword> = Password to your kyrfile

Check your pfx file:
<ossldir>\bin\openssl pkcs12 -info -in <pfxdir>\<pfxfile>
use <pfxpassword> when asked (nothing on PEM)

In general:
1. <ossldir>\bin\openssl pkcs12 -in <pfxdir>\<pfxfile> -out <pemdir>\<pemfile> -nodes -chain
use <pfxpassword> when asked (nothing on PEM)
2. <notespgmdir>\kyrtool create -k <kyrdir>\<kyrfile> -p <kyrpassword>
3. <notespgmdir>\kyrtool import all -k <kyrdir>\<kyrfile> -i <pemdir>\<pemfile>
Check in general:
1. <notespgmdir>\kyrtool show certs -k <kyrdir>\<kyrfile> >kyrcerts.txt
2. <notespgmdir>\kyrtool show keys -k <kyrdir>\<kyrfile> >kyrkeys.txt
3. <notespgmdir>\kyrtool show roots -k <kyrdir>\<kyrfile> >kyrroots.txt

Example:
1. C:\OpenSSL-Win64\bin\openssl pkcs12 -in C:\mypfxfiles\wildcard_acme_com.pfx -out C:\mypemfiles\wildcard_acme_com.pem -nodes -chain
use <pfxpassword> when asked (nothing on PEM)
2. C:\IBM\Lotus\Domino\kyrtool create -k C:\mykyrfiles\wildcard_acme_com.kyr -p password
3. C:\IBM\Lotus\Domino\kyrtool import all -k C:\mykyrfiles\wildcard_acme_com.kyr -i C:\mypemfiles\wildcard_acme_com.pem
Check sample:
1. C:\IBM\Lotus\Domino\kyrtool show certs -k C:\mykyrfiles\wildcard_acme_com.kyr >wildcard_acme_com_kyrcerts.txt
2. C:\IBM\Lotus\Domino\kyrtool show keys -k C:\mykyrfiles\wildcard_acme_com.kyr >wildcard_acme_com_kyrkeys.txt
3. C:\IBM\Lotus\Domino\kyrtool show roots -k C:\mykyrfiles\wildcard_acme_com.kyr >wildcard_acme_com_kyrroots.txt

Implement the files on the server
1. Copy kyr file and the associated sth file to the server
2. Add the kyrfile name to your internet sites document or server document depending how your server is configured
3. Modify the cipher part
4. Make sure the SSL port is enabled in the Internet Ports.. section
5. Restart your http task on the server, use sh ta onl and check that http listens to both 80 and 443

Check out if it works
1. Use your browser and connect to your server via https
2. Look at your certificate information
3. Congratulations

Important note:
Following this means that especially the pem file is unprotected, therefore make sure that keep it in a safe place during this and maybe deleting it afterwards. Same goes for kyrfile (you can not delete them but keep them as safe as you can) as they contain private key.

Conclusion
Doing this task is not more complicated than any other task that involves certificates using any other platform.

Link to this document: http://www.infoware.eu/?p=7226

Wildcard SSL certificate from P12/PFX file into Domino (SHA2 as well)

New article on this here
(Moved this page to our new blogsite http://www.infoware.com/?p=1592)
Just made a key file from scratch using a file exported from another webserver.
I am using iKeyman for Sametime/Connections and the tools provided by Domino all the time, but this is explicitly to describe the process of using already bought wildcard certificates used by other parts of your organisation and extending the use of them to also include Domino servers, instead of having to request a new wildcard certificate just for Domino and paying the certificate authority one more time. Of course you must follow the agreement made on how many servers you can use the certificate for, but still it gives you the option of not paying more than one time and include your Domino servers in the same package.

This article http://www.turtleweb.com/turtleblog.nsf/dx/11022009232215GDAVGR.htm?opendocument&comments and the comments as well as discussion on notesnet
http://www-10.lotus.com/ldd/nd8forum.nsf/Customer/59aad6f8ac81d8648525744900202ad1?OpenDocument provided me with information to start with.

The objective of this article is to provide an example on how to  do this with hopefully no discussions and no questions unanswered. Of course this example is based on a particular situation with a special certificate provider but can hopefully be translated to any other situation with other certificate authorities.

Because of the nature of this instruction a PDF file will be provided to use as a checklist. I highly recommend using this (screenshotsforblogP12)

Contents
1. What do I need
2. Import your P12/PFX file into your browser
3. Export root and any intermediate certificates to file
4. Run iKeyman to create new kyrfile and then Add and Import certificate information
5. Check your file and add sth file to enable it for Domino use
6. Implement the files on the server
7. Check out if it works
8. Conclusion

What do I need:
1. One instance of a 32 bit Windows operating system, I used 32 bit Windows XP running on my laptop with VMware 10. You can not use 64 bit Windows for this task.
2. GSK5 that you can download from http://www-01.ibm.com/support/docview.wss?uid=swg21615277&aid=1. This should be unzipped inside your XP virtual machine.
Source: http://www-01.ibm.com/support/docview.wss?uid=swg21615277
3. An exported P12/PFX file from in my case IIS, containing the wildcard certificate private key as well as the certification path to it, more on this later on.

Import your P12/PFX file into your browser
This should contain private key as well as all certificates in the certification path if possible.
Open the file with Crypto Shell Extensions and Import into your browser, to import you need a password provided by the administrator that exported the file.
Examine the newly imported certificate in Internet Explorer under Content\Certificates..\Personal
View the certificate and each certificate in the path and write down the labels to easily find them under Intermediate… and Trusted Root… later as well as using them inside iKeyman when labelling them.

Export root and any intermediate certificates to file
Find the different certificates under Intermediate Certification Authorities or Trusted Root Certification Authorities using the labels noted in the step above.
Export them to file.

Run iKeyman to create new kyrfile and then Add and Import certicate information
You must be Administrator on your machine to run this, make sure you are.
Go to the directory where you unzipped your files in a Command Prompt.
1. notepad readme.txt and read it
2. gskregmod.bat Add
3. runikeyman.bat
4. Create new keyring file
5. Add Signer Certificates from the earlier exported Trusted Root and any Intermediate in this order starting with the top meaning trusted Root first and then Intermediate.
6. Import Personal Certificates using the first provided P12/PFX file
7. View this key information to make sure that it is looking good.

Check your file and add sth file to enable it for Domino use
1. Copy the kyr file to your data directory on the notes client
2. Open or create the Server Certificate Admin application
3. View & Edit Key Rings
4. Select key Ring to Display and check that you can read it using the password set by you earlier.
5. Change Key Ring Password and follow the procedure
6. Check that you have received an sth file with the same name as the kyr file in your data directory
7. Check your certificate in Server Certificate Admin

Implement the files on the server
1. Copy both files to your servers data directory
2. Add the kyrfile name to your internet sites document or server document depending how your server is configured
3. Modify the cipher part
4. Make sure the SSL port is enabled in the Internet Ports.. section
5. Restart your http task on the server, use sh ta onl and check that http listens to both 80 and 443

Check out if it works
1. Use your browser and connect to your server via https
2. Look at your certificate information
3. Congratulations

Conclusion
Doing this task is not more complicated than any other task that involves certificates using any other platform.
Domino can use the same wildcard certificates already used by others, you do not have to pay twice.
Use the checklist with screenshots included above to make sure that you understand the instructions.screenshotsforblogP12
I think IBM needs to either change Domino server SSL implementation to use the same files for this as the rest of IBM products, meaning same structure as eg. WebSphere Application Server or it must include support for Keyring files into the latest versions of GSK. Keeping instances of old operating systems for this task only could not be a good solution.
Also got this working with SHA2 and my internal Domino 9 server, but then I had to work with multiple GSK kits, but ended up with a valid kyr file. This is not documented here, but I could do it if it is still interesting after this Poodle issue. I guess not, because TLS is more important now.
OK here we go, Instead of creating a kyr file directly under Windows XP I first created a CMS – kbd file with the GSK kit provided by IBM HTTP servers, that I had on another server. Then I copied the kbd file into Windows XP and GKS kit version 5 and opened it there and saved as kyr file and then proceeded to:
1. Copy the kyr file to your data directory on the notes client

Link directly to this document: http://www.infoware.com/?p=1592

IBM Notes 9.0 and Ubuntu 64

(Moved this to our new blogsite http://www.infoware.com/?p=1106)
Background
Customer running 64 bit Ubuntu 12.04 LTS as their primary client platform.
Customer wants Notes 9.0 to be their primary collaboration client.

I googled on this and got no satisfactory solution for implementing this in a corporate production environment as all of the solutions were using force to install and some ended up with broken dependencies and so on.
The goal for me was to install this without broken dependencies and a fully functional operating system without warnings inside update manager.

Requirements
To install Notes 9 in Ubuntu 64 I’m assuming the following:

1. You are using an administrative account and you are using Ubuntu 12.04 LTS 64 bit

2. No other Notes installations are present to begin with.
To check out if there are any other ibm/lotus installations present use the following command in a terminal window (open it an expand it to see all information):
sudo dpkg -l ‘ibm*’:i386 | grep ii (in 32 bit it is sudo dpkg -l ‘ibm*’ | grep ii)

If you have earlier installations you should be able to uninstall them one by one with the following:
sudo dpkg -r <packagename>
sudo dpkg –purge <packagename>

Unpack
Unpack your downloaded tar files and extract the file ibm-notes-9.0.i586.deb to ibm-notes-9.0.i586 folder and the rename ibm-notes-9.0.i586.deb to original-ibm-notes-9.0.i586.deb

Change the package
Go into the ibm-notes-9.0.i586 folder and into the DEBIAN folder
(here it is a good idea to show hidden files, done by pressing Ctrl+H while in file browser)
Open the file control in edit mode and remove the following:

gdb, coreutils, unzip, bash, procps, grep, sed,

from the Depends line, control file should now look lihe this:

Screenshot from 2013-07-26 11:38:18save the file and leave the editor

If you have a hidden file called control~ after editing the actual control file delete the file control~

NOTE: To keep things clean inside your packages always show hidden files and all files created with the ~ ending should be deleted before recompiling the package.

Before creating the new package you should also consider to change the file plugin_customization.ini that is located under the same folder ibm-notes-9.0.i586 but under opt/ ibm/notes/framework/rcp to make it more customized for your needs. See example further down in this document.

Repacking/compressing the new package
Now in a terminal window go to the folder where you first unpacked your tar file.
In that folder the ibm-notes-9.0.i586 folder should now be available and the file ibm-notes-9.0.i586.deb must not be there. Issue the command:

sudo dpkg-deb -b ibm-notes-9.0.i586

If everything goes well a new ibm-notes-9.0.i586.deb file is created.

Installing files that installation depends on
Now, still present in the control file inside the package there are still dependencies that must be installed before proceeding with the installation of the Notes 9.0 client. This is also true for the 32 bit version of Ubuntu even if the deb file doesn’t need to be changed there.

Install for 64 bit dependencies
In a terminal window issue the command:

sudo apt-get update; sudo apt-get install ia32-libs libgnomeprint2.2-0:i386 libgnomeprintui2.2-0:i386 libbonobo2-0:i386 libbonoboui2-0:i386 libgconf2-4:i386 libgnome-desktop-2-17:i386 libgnomevfs2-bin:i386 libgnomeui-0:i386 libjpeg62:i386 libpam0g:i386 libxkbfile1:i386 ttf-xfree86-nonfree t1-xfree86-nonfree -y

or if you want to put it inside a script:
(if the script is already in sudo, remove sudo before apt-get)

sudo apt-get update
sudo apt-get install ia32-libs -y #NOT to be used in 32 bit Ubuntu
sudo apt-get install libgnomeprint2.2-0:i386 -y
sudo apt-get install libgnomeprintui2.2-0:i386 -y
sudo apt-get install libbonobo2-0:i386 -y
sudo apt-get install libbonoboui2-0:i386 -y
sudo apt-get install libgconf2-4:i386
sudo apt-get install libgnome-desktop-2-17:i386 -y
#sudo apt-get install libgnome-desktop-3-2:i386 -y #for 32 bit it works instead of 2-17
sudo apt-get install libgnomevfs2-bin:i386
sudo apt-get install libgnomeui-0:i386 -y
sudo apt-get install libjpeg62:i386
sudo apt-get install libpam0g:i386
sudo apt-get install libxkbfile1:i386
sudo apt-get install ttf-xfree86-nonfree
sudo apt-get install t1-xfree86-nonfree

Using this in 32 bit version the :i386 must be removed because it is already i386 also ia32-libs should NOT be installed in 32 bit version

Checking that there are no dependencies left
Install the program GDebi Package Installer from Ubuntu Software Center.
In a window Right click on the ibm-notes-9.0.i586.deb and choose Open With GDebi Package Installer.
Don’t use this to install only to see that there are no more dependencies left.
(you can use this to install but not to uninstall in 64 bit)

Installing the client
This is the commands to install but you can always choose to not install all of these features, but you must start with ibm-notes-9.0.i586.deb.

sudo dpkg -i ibm-notes-9.0.i586.deb
sudo dpkg -i ibm-cae-9.0.i586.deb
sudo dpkg -i ibm-feedreader-9.0.i586.deb
#sudo dpkg -i ibm-connections-4.5.0.i586.deb #See instructions further down
sudo dpkg -i ibm-activities-9.0.i586.deb
sudo dpkg -i ibm-sametime-9.0.i586.deb
sudo dpkg -i ibm-opensocial-9.0.i586.deb

As we all know the full Activities and Status Update package (IBM Connections Plug-ins for IBM Notes) is delivered as an update instead of being included in the activities package for Linux. The only thing included in the activities package is the Business card component. Further down in this document I will give an unsupported solution to install the “IC45PluginsforIBMNotes-20130517-1715.zip” as an install package directly instead of using provisioning to install it as a plug-in.

Uninstalling the client
Try to uninstall packages in reverse order from installing them this means ibm-notes-9.0.i586.deb goes last.Here are the commands to do this:

Check what is installed with sudo dpkg -l ‘ibm*’:i386
could look like this:
Screenshot from 2013-07-26 13:46:48

based on this uninstall looks like this
sudo dpkg -r ibm-notes:i386
sudo dpkg –purge ibm-notes:i386

Example of plugin_customization.ini
This example assumes that you are using Domino Directory and have Sametime Community in a separate Domain from the Domino Directory and using LDAP. Sametime is 8.5.2 IFR1 and with meeting proxy and so on. As for the Connections parameters in this it is only for hiding sidebars so that can install them but hide them by default. Connection configuration for the client could be done from Domino policys after this. The example gets you going with Notes client and Sametime in a SSO (if you have configured it correctly) scenario and you can build on this to do the same with Activities and Status Updates. This example also open up the Application install so that it is available for clients when needed. Sametime Community servers should also be able to respond to any client request coming on port 1352 regardless of the Domino server names as we are using them (clustered configuration) to authenticate the clients for SSO.

com.ibm.collaboration.realtime.bcs/skilltapServicePath=/bcsa/servlet/rpcrouter
com.ibm.rcp.esupport.client/defaultTaxCode=SSKTWP\!8\!5
com.ibm.collaboration.realtime.brokerbridge/startBroker=false
com.ibm.rcp.topologyhandler/hashCacheFilenames=true
com.ibm.rcp.provisioning/startupProgressRect=18,18,400,20
com.ibm.collaboration.realtime.webapi/startWebContainer=true
com.ibm.rcp.security.update/VERIFICATION_LISTENER=com.ibm.rcp.security.update.PromptVerificationListener
com.ibm.rcp.personality.framework/DISABLE_EXCEPTION_DIALOG=true
com.ibm.rcp.managedsettings/com.ibm.notes.desktopsets=com.ibm.notes.managedsettings.provider.PolicyProvider
com.ibm.rcp.esupport.client/defaultCollector=general.problem.noninteractive
com.ibm.esupport.autopd.ui/useSingleArchive=true
com.ibm.esupport.autopd.ui/showPortableCollector=false
com.ibm.collaboration.realtime.community/defaultAuthType=ST-DOMINO-SSO
com.ibm.rcp.provisioning/startupForegroundColor=000000
com.ibm.rcp.ui/HIDE_PANEL_com.ibm.rtc.meetings.shelf.ui.MeetingsShelf.shelfview=true
com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=ALLOW
com.ibm.rcp.ui/HIDE_PANEL_com.ibm.collaboration.realtime.filteredbuddies.shelfview=true
com.ibm.rcp.ui/HIDE_PANEL_com.ibm.collaboration.realtime.primarybuddies.shelfview=true
com.ibm.rcp.provisioning/startupMessageRect=20,43,400,20
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=ALLOW
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=ALLOW
com.ibm.rcp.toolbox.admin/toolboxvisibleChild=false
# IBM Sametime Config
# Community Server
com.ibm.collaboration.realtime.community/name=<your COMMUNITY_ID>
com.ibm.collaboration.realtime.community/host=<your community server FQDN>
com.ibm.collaboration.realtime.community/defaultAuthType=ST-DOMINO-SSO
com.ibm.collaboration.realtime.community/loginByToken=true
com.ibm.collaboration.realtime.community/loginAtStartup=true
com.ibm.collaboration.realtime.login/autologin=true
com.ibm.collaboration.realtime.community/port=80
com.ibm.collaboration.realtime.community/connectionType=direct
# Sets timeformat
com.ibm.collaboration.realtime.chatwindow/showtimestamp=true
com.ibm.collaboration.realtime.chatwindow/timeformat=24
# Meeting Server
com.ibm.rtc.meetings.shelf/meetingServerHostName=<your meeeting server FQDN>
com.ibm.rtc.meetings.shelf/serverPort=443
com.ibm.rtc.meetings.shelf/useHTTP=false
com.ibm.rtc.meetings.shelf/useHTTPS=true
com.ibm.rtc.meetings.shelf/communityServerName=<your community server FQDN>
com.ibm.rtc.meetings.shelf/useCommunityCredentials=true
com.ibm.rtc.meetings.shelf/meetings.launchURLRichClient=true
com.ibm.rtc.meetings.shelf/instantMeetingShowDialog=true
com.ibm.collaboration.realtime.meetings/hasCamera=true
com.ibm.collaboration.realtime.meetings/hasSpeakers=true
com.ibm.collaboration.realtime.meetings/hasMic=true
com.ibm.collaboration.realtime.meetings/hideLegacyMeetingUI=true
# Handles the contact list conflict popup
com.ibm.collaboration.realtime.imhub/showBuddyListConflictDialog=false
com.ibm.collaboration.realtime.imhub/buddyListConflictPref=replaceLocal
# Activates chat logging
com.ibm.collaboration.realtime.chat.logging/logging.default=2
com.ibm.collaboration.realtime.chat.logging/logging.enabled=true
com.ibm.collaboration.realtime.chat.logging/logging.service=service.notes
com.ibm.collaboration.realtime.chat.logging/firsttime.askprefs=true
# Handles the a media manager popup error message
com.ibm.collaboration.realtime.telephony.softphone/suppress.failed.sip.registration=true
# Path for file transfer
com.ibm.collaboration.realtime.filetransfer/saveFileLocation=\\SametimeFileTransfer
# IBM Connections Config
com.ibm.rcp.ui/HIDE_PANEL_com.ibm.workplace.ae.client.views.AESideShelfView=true
com.ibm.rcp.ui/HIDE_PANEL_com.ibm.lconn.statusupdates.ui.shelfview=true
# Status Updater Fix to show profile pictures
com.ibm.lconn.statusupdates/download.image.enabled=true
# Fix Getting Started page
com.ibm.rcp.jfaceex/overrideAutoStart=com.ibm.rcp.gettingstarted.GettingstartPerspective
# Install Application Menu
com.ibm.notes.branding/enable.update.ui=true

IBM Connections Plug-ins for IBM Notes as an installer instead of a plug-in (unsupported solution but still nice to have)

Extract IC45PluginsForIBMNotes-20130517-1715.zip and go into the updateSiteforLinux folder and copy the file updateSite.zip to folder of your choice where you want to work with it.
Copy the file ibm-activities-9.0.i586.deb (from the installation kit) to the same folder as the above updateSite.zip where copied to.

Extract the ibm-activities-9.0.i586.deb to the ibm-activities-9.0.i586 folder
Rename the ibm-activities-9.0.i586 folder to ibm-connections-4.5.0.i586

Go into the folder ibm-connections-4.5.0.i586 and delete all files in features and plugins folders in the opt/ibm/notes/framework/shared/eclipse sub three but leave the folders.

Extract the updateSite.zip to the updateSite folder.
Extract all of the jar files in the features folder.Move all of the newly crated folders into the features folder of ibm-connections-4.5.0.i586 above.
Copy the jar files from the updateSite plugins folder to the plugins folder of ibm-connections-4.5.0.i586 above

Go into the DEBIAN folder of ibm-connections-4.5.0.i586
Open the file control in gedit and change:
Package: ibm-connections-plugin
and
Version: 4.5.0.20130224-1730
save the file and leave the editor.

Change the contents of 2 files in the following folder of ibm-connections-4.5.0.i586:
/opt/ibm/notes/framework/rcp/deploy folder contains 2 xml files that needs to be changed:
install.ibm_activities.xml
and
uninstall.ibm_activities.xml

Replacing the content of install.ibm_activities.xml

<?xml version=”1.0″?>
<ibm-portal-composite>
<domain-object name=”com.ibm.rcp.installmanifest”>
<object-data>
<install version=”4.5.0.20130224-1730″>
<installfeature mergeaction=”add” require=”true” default=”false” description=”%Activities.description” id=”Activities” name=”%Activities.name” required=”false” show=”true” version=”4.5.0.20130224-1730″>
<requirements>
<feature id=”com.ibm.lconn.client.bizcard.feature” version=”4.5.0.20130224-1730″ shared=”true” action=”install” download-size=”2452″ match=”greaterOrEqual” mergeaction=”add” size=”2101″/>
<feature id=”com.ibm.lconn.statusupdates.feature” version=”4.5.0.20130224-1730″ shared=”true” action=”install” download-size=”2452″ match=”greaterOrEqual” mergeaction=”add” size=”2101″/>
<feature id=”com.ibm.lconn.client.activities.nl.feature” version=”4.5.0″ shared=”true” action=”install” download-size=”2452″ match=”greaterOrEqual” mergeaction=”add” size=”2101″/>
<feature id=”com.ibm.lconn.client.activities.feature” version=”4.5.0.20130224-1730″ shared=”true” action=”install” download-size=”2452″ match=”greaterOrEqual” mergeaction=”add” size=”2101″/>
</requirements>
</installfeature>
</install>
</object-data>
</domain-object>
</ibm-portal-composite>

Replacing the content of uninstall.ibm_activities.xml

<?xml version=”1.0″?>
<ibm-portal-composite>
<domain-object name=”com.ibm.rcp.installmanifest”>
<object-data>
<install version=”4.5.0.20130224-1730″>
<installfeature default=”false” description=”%Activities.description” id=”Activities” name=”%Activities.name” required=”false” show=”true” version=”4.5.0.20130224-1730″>
<requirements>
<feature action=”uninstall” id=”com.ibm.openactivities.client.feature” match=”greaterOrEqual” shared=”true” version=”1.0.0″/>
<feature action=”uninstall” download-size=”2452″ id=”com.ibm.lconn.client.bizcard.feature” match=”greaterOrEqual” shared=”true” size=”2101″ version=”4.5.0.20130224-1730″/>
<feature action=”uninstall” download-size=”2452″ id=”com.ibm.lconn.statusupdates.feature” match=”greaterOrEqual” shared=”true” size=”2101″ version=”4.5.0.20130224-1730″/>
<feature action=”uninstall” download-size=”2452″ id=”com.ibm.lconn.client.activities.nl.feature” match=”greaterOrEqual” shared=”true” size=”2101″ version=”4.5.0″/>
<feature action=”uninstall” download-size=”2452″ id=”com.ibm.lconn.client.activities.feature” match=”greaterOrEqual” shared=”true” size=”2101″ version=”4.5.0.20130224-1730″/>
</requirements>
</installfeature>
</install>
</object-data>
</domain-object>
</ibm-portal-composite>

Repacking/compressing the new package

Open a terminal window and go to the working directory of your choice.
Issue the command:

sudo dpkg-deb -b ibm-connections-4.5.0.i586

If everything is OK a ibm-connections-4.5.0.i586.deb file is created.

Installing the new package

sudo dpkg -i ibm-connections-4.5.0.i586.deb

Uninstalling the new package

Check what is installed with sudo dpkg -l ‘ibm*’:i386
could look like this:
Screenshot from 2013-07-26 15:57:29

based on this uninstall looks like this
sudo dpkg -r ibm-connections-plugin:i386
sudo dpkg –purge ibm-connections-plugin:i386

Conclusion

It seems to me that the installation of the Notes 9.0 client in a 64 bit Ubuntu environment is not going to be done without changing and repacking/compressing the package(s) as well as installing some dependencies from the 32 bit environment. On the other hand, from experience, other client environments like Windows usually involve this type of changes to include own versions of eg. plugin_customization.ini so this is not so much different than customizing and testing any other package in any other environment as you do inside larger corporate environments.

Shortlink to this document: http://www.infoware.com/?p=1106

Teknikfrukost med Domino-applikationer i fokus

Domino och XPages frukostseminarie

(see information in English below)

Infoware bjuder in till trevlig Teknikfrukost med era Domino-applikationer i fokus!

Många organisationer har en stor flora av Domino-applikationer. Förvaltningen av dem är en särskild utmaning vid migrering, tex. mellan domäner, till moln, till nya klienter som webb eller mobilt, eller till andra epost-system. Vi visar hur DomainPatrol Pro (ny version släpps under maj) hjälper till med ordningen och hur XPages öppnar dina applikationer för nya klienter.

Agenda:

DomainPatrol Pro ur förvaltning- och migreringsperspektiv

Demo och frågestund kring XPages – specifikt kundcase

Våra seminarier är kostnadsfria och du får träffa några av våra mest erfarna och kompetenta konsulter. Du håller dig uppdaterad inom det tekniska området samtidigt som du äter en god frukost tillsammans med de andra seminariedeltagarna.

Tid och plats
Onsdag 22 maj 2013

08:00 Frukost serveras
08:30 Seminariet startar
09:10 Seminariet slut

Efter seminariet finns vi på plats för vidare diskussioner och frågor.

Kungsholms strand 123
Stockholm

Varmt välkommen att anmäla dig! Antalet platser är begränsat.

info@infoware.se
08-652 17 30

hälsningar Infoware
______________________________________________

In English:

We invite you all to a breakfast meeting about XPages and Domino Apps, on the 22th of May at the Infoware office.

At 08:00  we will be serving breakfast, and at 08:30 the seminar starts.

The seminar will be held in Swedish, but if you would like to know more about our expertise on XPages or Domino Apps, please send us an email!

info@infoware.se

How to make Lotus Notes clients shine!

Previously we’ve talked about how to set up Parallels 8 to work properly on a Macbook Pro Retina. (You can read all about it over here), this final instalment isn’t targeted at Retina capable devices and thus should benefit everyone.

Now it’s time for some tweaking of the Lotus Notes clients themselves (Designer and Notes both) making them shine! Maybe you need to squint a bit, but the look will at least improve. Mission impossible? I think not! Before this article is over we’ll have a look at how to install an Eclipse plugin to manage themes. This will allow us to manage, share and edit the look of our working environment with ease. We’ll make some additional tweaks to the look and another couple of tips to improve and speed-up Domino Designer. But what are we waiting for? Let’s…

Get Started!

If you’re in a hurry – you can just download this setup file which I’ve handily prepared for your coding pleasure: Lotus Notes – Performance by Infoware

You will manually have to install my favorite font: Inconsolata
(Otherwise stuff will look way weirder then usual.)

You won’t get the theme plugin installed either, but you will get the color theme. Choosing this path I’ll assume you know what you’re doing, so I won’t go into any more details (like how to install the setup file). For the rest of you – Go get a cup of joe, because we’ll be here for a while…

Before we begin, last time around I mentioned a potential issue for Chrome users. It looked like graphical glitches when GPU accelerated CSS3 was involved. It worked fine in Parallels 7 as well as in IE10 and Firefox 15 under Parallels 8. Pretty weird stuff, if anyone were to ask me… But, fortunately, it worked itself out with an upgrade of Parallels. You can read all about the details (and workaround if it ever were to resurface) over here. Ok, on to the fun stuff: You’ve probably heard that Lotus Notes is now partially based on Eclipse? Well, if you haven’t – don’t sweat it. Just take my word for it (or have a look at this snasy Wikipedia article). As of 8.0 Lotus Notes client moved to Eclipse and from 8.5 and onwards we now get to enjoy(?) Eclipse in Domino Designer as well. True to their usual shenanigans, IBM won’t let us play with the all new and shiny: For Domino Designer 8.5.3 we’re stuck with the 3.4.2 version of Eclipse, also known as Eclipse Europe. The latest version, at the time of this writing, is Eclipse 4.2 (Juno). This has implications when using plugins, as we’re about to do.

The things I've seen

When things don’t go as expected

The plugins, that you’re installing in Domino Designer, needs to be compatible with Eclipse3.4.2 or horrible things may happen. You have been warned… If you’re running in a VM then just take a snapshot before trying out any new plugins.

Installing The Plugin

But, first things first! We need to enable the ability in Domino Designer to install plugins. This is the same procedure as you need to perform when you enable Source Control in Domino Designer. If you haven’t used SourceControl yet I highly recommend it, it will literally be a life changer! Your hair will grow back, your wife will look thinner and your kids will actually do what you tell them to! (Don’t know but the wife part, but otherwise it’s all good!) If you didn’t get to go to LotusPhere 2012 then here’s another couple of articles to get you started:

But, back to the matters at hand. To enable installation of plugins in Domino Designer: File / Preferences / Domino Designer – “Enable Eclipse plug-in install”

Enable Eclipse plug-in install

When “Enable Eclipse plug-in install” is enabled you’ll get additional menu options in Domino Designer: File / Application

Now you can manage your plugins here

  1. Click on File / Application / Install.
  2. In the following dialog, select: “Search for new features to install”.
  3. Click “Add Remote Location”
    Name: <Anything You Like> (I really went wild and chose: “Eclipse Color Theme”)
    URL: http://eclipse-color-theme.github.com/update
  4. Click “Finish”
  5. Make sure “Eclipse Color Theme” is checked.
  6. Accept the terms.
  7. Click “Next”.
  8. Click “Finish”.
  9. Select “Install this plug-in”
  10. Sacrifice a goat to the hacker gods and restart the client (The sacrifice is optional, but it can’t hurt)
  11. Done!

If all went as planned you should now be able to find the Eclipse Color Theme plugin in Domino Designer at: File / Preferences / General / Appearance / Color Theme

Eclipse Color Theme plugin in Domino Designer! Woot!

These are just the default themes to choose from. There are, at the time of this writing, 10240 more themes to choose from!
You can find the rest of the themes at http://eclipsecolorthemes.org as well as the plugin we just installed.

Someone might have noticed that this plugin doesn’t support Eclipse 3.4.2, but in my experience everything seem to work fine anyway.

My current favorite is “Zenburn” (bottom of the list). But do have a good look around for yourself, feel free to report back which one(s) you prefer or if you write your own.

Now, one might think that all is good and well. But, unfortunately, there’s still some kinks to work out on our quest to stardom. If you use LotusScript you won’t appreciate this new color scheme below:

Looks rather depressing, doesn’t it?

I don’t want an angry mob of LotusScript coders kicking my door down, screaming for blood! So, let’s fix this – quickly!

Fixing LotusScript

In Domino Designer – File / Preferences / Domino Designer / LotusScript Editor / Fonts and Colors

In the right pane, change:

  • “Normal Text” – Color: rgb(246, 243, 232)
  • “Identifiers”- Color: rgb(246, 243, 232)
  • “Keywords” – Color: rgb(223, 190, 149)
  • “Comments” – Color: rgb(128, 128, 128)
  • “Multi-line Comments” – Color: rgb(128, 128, 128)
  • “Constants” – Color: rgb(165, 194, 77)
  • “Directive” – Bold, Italic, Color: rgb(165, 194, 77)

Changing the font

While we’re at it, take the opportunity to change the hideous Arial font to something nicer. It’s easy! Close your eyes and take a pick! Or use the one I prefer: Inconsolato.

Now isn’t that better?!

But why stop there, we’re on a roll here! Let’s change to the same font for everything in the Lotus Notes clients:

In Domino Designer: File / Preferences / General / Appearance / Colors and Fonts.

– In the filter box, search for “fonts” (without the quotes) and replace everything with your new shiny font. I also took the opportunity to remove anything that’s set to bold, just because…

In Notes Client: File / Preferences / Basic Notes Client Configuration / Default Fonts

– Just set everything to the new font of your choosing.

Again, in Notes Client: File / Preferences / Fonts and Colors / Mail view font

While you’re in the preferences box, you might want to take a peek under: Windows and Themes / Theme and set to “Operating System Theme”.

I counted to no less then 9(!) different fonts for the different parts of the interface, now it’s much more consistent and hopefully a bit easier on the eyes.

If I haven’t bored you to tears just yet, I’ll finish you off with a couple of more tweaks:

Have a look at this excellent article by Nathan T. Freeman
Making Domino Designer work like you want

Also I recommend changing the memory config of Domino Designer with this little utility:
Designer Mem Config

Let’s do a summary, shall we?

We’ve enabled the ability to install Eclipse plugin in Domino Designer and touched briefly on the dangers of using plugins for newer versions of Eclipse than 3.4.2. We installed the Eclipse Color Theme plugin, configured that and made some much-needed adjustments to the LotusScript editor theme. I gave you a couple of links with tips of more tweaks to top it all of.

But that does seem like an awful lot of steps doesn’t it?! You feel like you’ve read all of the above and deserve some kind of reward, right? Sure you do! As I stated in the beginning I’ve saved a file that does all of the above (including Nathans tips and adjusting the memory configuration of Domino Designer) + some small tweaks of my own – thrown in their for good measure. (AutoSave every 15 minutes, “Right double-click closes window”, disable “Check Subscriptions” and disable “Enable Java Applets”

All you need to do is to install the Inconsolata font (or follow the instructions to change the font to something else) and import my settings!

If you followed Nathans advice then, in Domino Designer, you should have a tab that says “Package Explorer”. If you haven’t, then here’s where to find it:

Window / Show Eclipse Views / Package Explorer

  1. Under Package Explorer, where its white space – right-click.
  2. Select “Export”, from the popup menu. (We’ll get to the import, just make a backup copy of your preferences first).
  3. General / Preferences
  4. Export All
  5. Name it and save some place… Safe.

Then, Import / General / Preferences, Import All and select the file you downloaded from: Lotus Notes – Performance by Infoware.

Restart the client and…. Stick a fork in me, I’m Done!

If you believe I’ve missed something essential, please share in the comments below.

As always: follow @jBoive for the latest of the greatest!

The nitty-gritty of running Domino Designer in Retina mode

Enough of the ramblings! Jump to the juicy stuff!

I gave a teaser earlier, but now it’s time to get our hands dirty!

I’m running Parallels Desktop 8, earlier version works on a Macbook Pro Retina but you won’t get the full benefit. The reason is that you’re not able to run different resolutions in your VM (Virtual Machine) then what you’re using in OS X. That may, or may not, be an issue, but to me it’s a big drawback. There’s plenty of other reasons to upgrade (30% better performance is just one of them), so if you haven’t already upgraded – now is the time! Or is it..?

I eagerly jumped at the opportunity to snag the latest release of Parallels, but my upgrade path was to be… Well…  Less than stellar… When I initiated the upgrade of Parallels I had a suspended VM. That particular VM was running my entire work environment in Windows 7 64-bit Ultimate. Let’s just say it’s pretty crucial to my day-to-day work.

Now, I know what you’re saying. Of course I SHOULD have done a backup, but no one remembers a coward. Right? (Besides, sleeping is highly overrated..) Anywho! Maybe salivating over the spec from the latest release of Parallels drained my brain from vital fluids, I don’t know! But, to make a long story short: I didn’t make a backup of my precious VM!

Everything went fine with the upgrade, no warnings or anything. The problems began once I fired up my suspended VM once again. It started upgrading Parallel Tools, nothing strange there. Went fine. Rebooted. Windows opened three command prompts:

Parallel Tools - failed upgrade

It just sits there – looking stupid…

And then…. Nothing. No CPU activity, no network traffic, nothing. So, the only thing left to do was to kill Windows and reboot.

Everything appeared fine, at first. But, when I tried starting Domino Designer it seemed to hang. But give it a good five minutes, or so, and it jumped back to life as if nothing ever happened. This wasn’t acceptable, so (after trying just about everything) I filed a support question here with Parallels. To date, nothing good has come of it…

But you’re not here because you like to stay within your comfort zone are you? You love to live on the bleeding edge! Be in the forefront of the action! A pioneer! “One small step for man… ” and all that! Ok, ok! I got a “bit” carried away there for a while. But it’s OK to get excited – we’ve arrived at the…

Details

Eager to get everything working again I thought that this was as good a time as any to install Windows 8, instead of my ageing Windows 7 installation, a teeny-weeny bit to my surprise it went without issues(!). Started feeling cooky (again), but it was too be short-lived. Once my trusty Designer-client was fired up it looked like… Crap!

[Click the image below to view the Retina version. Be aware: it’s big @ 658KB]

Domino Designer 199% DPI

Not the screen real estate you were hoping for

Notes client

The Notes client is’nt much better

Notes admin client

The admin client is unusable

Now this was not was I was expecting after my upgrade. But, fortunately, it’s a rather easy fix:

The Gist

What we need to do first is disable “Optimize Windows for full resolution” under Parallels / Virtual Machine / Configure / Hardware / Video:

Notes admin client

Make sure: “Optimize Windows for full resolution” is disabled

This allows us to manage the DPI settings under our host operating system (Windows 8, in my case) ourselves. Otherwise Parallels forces 199% DPI which doesn’t suit our needs very well… You need to reboot your VM, before the next step. It’s ok, I’ll wait…

… Done? Good! If the text now looks even weirder in your VM, don’t worry! We’re about to fix that.

Windows 8 and Windows 7 are more or less the same. Just open the Control Panel and copy/paste: “Control Panel/Appearance and Personalization/Display” (without the quotes) into the top part of the Control Panel and it will take you where you need to go:

Text Size 145 DPI

145 DPI is a good compromise

Click “Custom sizing options” and I suggest that you set it to 145%. I find it to be a good compromise, but feel free to test different values.

Here’s the instructions for:

As a reward for all your hard work, you should now be greeted by a much happier Lotus Notes client:

[Click the image below to view the Retina version. Be aware: it’s big @ 570KB]

Lotus Notes Designer with proper DPI settings

A happy Lotus Notes Designer client! Who would’ve thought?!

Lotus Notes Admin client with proper DPI

Lotus Notes Admin client can’t handle much higher DPI then 145, rows will overlap

There you have it ladies and gentlemen!

Summary

So, we’ve managed to get manual control over the DPI settings by disabling “Optimize Windows for full resolution” in Parallels and we’ve adjusted the DPI setting to 145% (or there abouts) in our VMs.

Our work environment now starts to look pretty decent! But there’s more! In the next instalment we’ll have a look at some final tweaks to really make Lotus Notes shine (Yeah! I said it!) and how to manage themes to give your coding environment a big productivity boost! (At the very least it will look different)
Also, we’ll iron out some quirks that Parallels may reveal if you’re into Google Chrome.

So stay tuned &| follow me on Twitter for all the latest of the greatest: jBoive

Feel free to hit me back with any comments or questions below!

How to setup Domino Designer on a Retina screen

If you are one of the lucky few who has a Macbook Pro Retina in their possession AND you happen to be a Lotus Domino developer, then this article is for you! This will perhaps not appeal to the broadest of audiences, but to the selected few – I hope it will be of value.

There are a surprising number of Domino Developers who choose to run on Mac, myself included. If this is just because we have good taste, or because of something else I leave to you, my beloved readers, to judge. For a Domino Developer there really isn’t much of a benefit, as we still need to run Wintendos since Domino Designer isn’t available on OS X just yet. (From what I hear it won’t be anytime soon either). There are a number of options that are available to you when your forced in to the Windows environment using a Mac: Boot Camp, Parallels Desktop or Vmware Fusion being the most popular.

Personally, I prefer Parallels Desktop 8. I did run with Vmware Fusion 4 for a while, but decided to give Parallels a shot and haven’t looked back! In all fairness: I haven’t tried Vmvare Fusion 5, but to be honest I haven’t found a reason to switch from Parallels. It performs better in general and just feels more complete (comparing previous releases), especially with the new 8 release.

(You can find a comparison here: Comparison of VMware Fusion and Parallels Desktop)

[EDIT: Here’s a current benchmark comparison between Parallels Desktop 8 and VMware Fusion 5: Benchmarking Parallels vs VMware]

Parallels claimed Retina support even with R7 and that was just a bunch of crock, in plain english. But with R8 they have delivered!

Now, finally, we’re getting to the really juicy bits!

Here’s what we’re aiming for: (Click images for the full Retina experience!)

Illustrating Domino Designer in 2880x1800

Yes, it’s HUMONGOUS!

XPages Source

Plenty of space for code!

JavaScript - Source

Yup! JavaScript works as well!

If you haven’t fallen asleep yet, or rushed to the nearest Apple Store – This was just something to wet your appetite. Next time we’ll have a look at how to actually accomplish this, what settings to use and so on. If there’s enough interest I’d might even share my custom dark theme for editing JavaScript and XML!

Follow @jBoive for updates and/or stay tuned!

AD108: The grand tour of IBM Lotus Notes and Domino 8.5.3 upgrade pack XPages capabilities.

Very informative session with lots of demos of the components available in Upgrade Pack 1. No information how skinnable the components are, but since they’re probably based on One UI v2.1 this shouldn’t be a problem. I would definitely look into this before implementing any components in an external site as they look… Well… Very much like Domino web based apps. Not brilliant, to be nice. ;-)

With UP1 (Upgrade Pack 1) we now have access to using REST services. There are three different kinds, depending on where you wish to utilize them.

  • Domino Data Service
    When you’re not using XPages to access Domino data.
  • XPages REST Services Control
    When you ARE using XPages. This is more flexible then the above, so it’s preferred.
  • Custom Database Servlet
    When you need complete control! Requires Java skills.

There is a Kitchen Sink/Demo application that allows you to test all these new features and of course have a look at the source code. The application is automatically installed with the UP1.

The differences from the Extension Library are:

  • UP1 IS supported by IBM, where ExtLib is not.
  • UP1 shows the design element instead of just a computed text – enhanced Designer experience.
  • UP1 is fully accessibility compliant, where ExtLib may not be.
  • UP1 comes with an installer/uninstaller. ExtLib comes in a .ZIP-file.
However, UP1 are missing two things from ExtLib:
This may or may not be a deal braker for you.

You can find the documentation for UP1 here

You can find the slides here

AD110 – IBM Lotus Domino XPages Go Zoom!

This session talked briefly about suitable tools that you may use the debug and/or get a glimpse behind the sceen regarding frontend peformance:

Firebug
Chrome Developer Tools
Speed Tracer
Page Speed
Yslow
IE Developer Toolbar
Opera Dragonfly
Weinre
Fiddler
XPages Toolbox

Most of them should you be fairly familiar with. Firebug, at the very least. Personally I prefer Chrome Developer Tools, because I prefer Chrome and I find their Dev tools less prone to crashing.

For IE Development the IE Developer Toolbar is a must.

Fiddler is great across everything that uses HTTP/S. It sits in the middle as a proxy and record a lots of useful information as well as the ability to simulate modem speeds.

XPages a toolbox is also a welcome addition to be able to get a backstage view of what takes up most of the time in you XPages application.

The session went on and talked, in great detail, about the differences between the execution modes. To summarize:

Full refresh – Is the most expensive. Recalculates and sends the entire page.
Partial refresh – Recalculates the entire page, but just sends the part of the page you specify.
Partial execution + Partial refresh – Just computes the requested area and returns that.

For best performance, use the last combination specified above where ever possible.

Other suggestions are:
Use get requests instead of post. This skips a lot of steps in the life cycle and as such reduces the load on the server and calculates quicker.
Set all containers, that don’t require input, to read only. Again, saves computing power.
Use the dataCache-property on every Domino view source you can.
Use the viewsScope/Request scope to cache objects and variable. Caching reduces CPU utilization and using short lived scoped variables reduces the memory footprint.

Can’t remember if they mentioned this, but in reality modern web applications main bottleneck isn’t the server, it’s the number of http requests the page does. There for you will get the biggest performance boost if you enable Application Preferences / XPages-tab / “Use runtime optimized JavaScript and CSS resources”. (Domino 8.5.3 only) This merges most (not all) JavaScript and CSS external references you might have into one request per type.

Combine all of the above and your XPage applications will be screaming!

20120123-190448.jpg