Syntax: DIIOP_DUP_KEYRING=classname

Description: To use SSL with DIIOP/NCSO and the remoted back-end classes, the Domino server must first be configured for SSL. When SSL is configured on a server, a keyring is created to contain the server certificates. A Domino server keyring has the file extension .kyr and is specified in the server document and in the Internet site document. Each Domino server that uses SSL must have a trusted root certificate from a certificate authority in its server keyring file.

TrustedCerts.class is also a keyring that only contains the public certificate server's signer, also known as the trusted root certificate. TrustedCerts.class is automatically created by DIIOP, using the server's or Internet site key ring(s), when DIIOP is configured to listen on the SSL port. It is typically found under the domino\java directory.

The server will accept DIIOP SSL sessions from a remote Java client to encrypt the network traffic. DIIOP SSL currently does not support authentication with client certificates. When the Java client and the Domino server share a trusted root, they can establish an encrypted network session..

The notes.ini setting DIIOP_DUP_KEYRING=classname creates a Java class file that contains the same certificates that are in the TrustedCerts.class, but the class name can be user specified.

The class name can be used as a parameter to the methods, below, by including -ORBSSLCertificates=classname in the string array argument.

Applies to: Servers

Default: None.

UI equivalent: None