Issue:
Lotus Notes Domino 9.0.1 fix pack 5 provides TLS support in stand-alone Java DIIOP applications.
The new implementation of secure DIIOP uses a standard Java key store on the client to access the trusted root certificates of the server.
In this context, the new NCSO jar package no longer uses the TrustedCerts.class file, as it did before.
Trying to acquire a new LND server with the SSL option makes the Java connector server fail with INSUFFICIENT_ACCESS_RIGHTS and the following error message:
"Session closed due to communications failure: make sure TrustedCerts.class is included in the deployed connector bundle fragment to enable SSL."
DIIOP Java application code that worked with TrustedCerts.class is still supported, but it now works with a configuration file named "dominocertsconfig".
The new NCSO API package expects to find this configuration file in the Java home location of the JVM running the DIIOP Java application.
The "dominocertsconfig" file must be placed in the Java home of the JCS.
Put the "dominocertsconfig" configuration file in the "<Connector Server Home>\jvm" folder.
See the IBM documentation for how to write the content of this file.
The configuration file is a text file with two lines in it:
domino.keystore=<path to the key store>
domino.kspassword=<password of the key store>
Here is an example of the content of the "Program Files (x86)\CA\Identity Manager\Connector Server\jvm\dominocertsconfig" file (2 lines):
domino.keystore=C:\\certs\\cacerts.jks
domino.kspassword=changeit
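
A pre-flight check for the file described above, as an added example that is not part of the original article or of IBM's or CA's code: run with the connector server's JVM, it reads "dominocertsconfig" from that JVM's Java home, opens the key store with the configured password and lists the trusted certificates it contains. The class name is hypothetical, and the code assumes the file uses Java properties escaping (as the doubled backslashes in the example suggest) and that the key store is in JKS format.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Properties;

// Added example: pre-flight check for dominocertsconfig. The class name is hypothetical.
public class DominoCertsConfigCheck {
    public static void main(String[] args) throws Exception {
        // Default: look where the article says NCSO looks, the Java home of the running JVM.
        Path cfg = args.length > 0 ? Paths.get(args[0])
                : Paths.get(System.getProperty("java.home"), "dominocertsconfig");
        Properties p = new Properties();
        // Assumption: key=value lines with properties escaping ("\\" is one backslash).
        try (InputStream in = Files.newInputStream(cfg)) { p.load(in); }
        String ksPath = p.getProperty("domino.keystore");
        String ksPass = p.getProperty("domino.kspassword");
        if (ksPath == null || ksPass == null) {
            throw new IllegalStateException(cfg + ": domino.keystore and domino.kspassword are both required");
        }
        if ("changeit".equals(ksPass)) {
            System.out.println("WARN: key store still uses the JDK default password 'changeit'");
        }
        // Assumption: JKS key store, as the .jks name in the article's example suggests.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(ksPath.trim()))) {
            ks.load(in, ksPass.toCharArray()); // IOException on wrong password or corrupt file
        }
        int trusted = 0;
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue; // only trusted-certificate entries count
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                String state = now.after(x.getNotAfter()) ? "EXPIRED" : "ok";
                System.out.printf("%-8s %s  %s%n", state, alias, x.getSubjectX500Principal().getName());
            }
            trusted++;
        }
        if (trusted == 0) throw new IllegalStateException(ksPath + ": no trusted certificate entries");
        System.out.println(trusted + " trusted certificate(s) readable from " + ksPath);
    }
}
```

The root certificate that signed the Domino server's certificate should appear in the listing with state "ok". Because the file holds the key store password in clear text, restrict read access on it to the account that runs the connector server.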