Photo db: Stacktrace displayed on IBM Domino Console, when the 'Get Photo from Connection' agent runs
If you are using a self-signed SSL certificate or a certificate that Domino doesn't trust you will see an error on your Domino console whenever the Photo Db agent run. To make the agent run successfully you have to import the certificate of the IBM Connections endpoint (IBM HTTP Server) into the Java keystore utilized by Domino.
How to install a SSL certificat in the Domino keystore.
1. Open a Command prompt
2. Navigate to the security-folder on the Domino Servers jvm-directory (e.g. D:\Domino\jvm\lib\security).
3. Optional: If you want to see the current certificates
..\..\bin\keytool.exe -keystore cacerts -list
Please note: The default password for the keystore is: "changeit"
4. Export the certificate of the IBM Connections endpoint using a web browser
(e.g. using Firefox) in DER-format
5. Copy the DER-file you exported to the security-folder of the Domino server
6. Import the certificate as a trusted certificate into the keystore
..\..\bin\keytool.exe -keystore cacerts -import -v -trustcacerts -alias <some alias> -file <certificate DER file>
If the certificate file is called cert.der and the alias should be ibm_connections use the following command:
..\..\bin\keytool.exe -keystore cacerts -import -v -trustcacerts -alias ibm_connections -file cert.der
7. Verify cert is imported and trusted (alias set to ibm_connections)
..\..\bin\keytool.exe -keystore cacerts -list -alias ibm_connections
8. Restart the agent manager in Domino