Enable server to server secure communications (optional)

By default, IBM Traveler uses regular TCP sockets for communication between the IBM Traveler server and the HTTP server, as well as for communications between the IBM Traveler servers within an HA pool.

It may be desirable to use secure sockets for this communication if the networking between the IBM Traveler servers is not isolated or secure. Note that requiring secure server to server communications will impact overall performance.

To enable the use of SSL sockets between the IBM Traveler servers, the following steps can be used:
  1. To generate a self-signed certificate with an expiration date far in the future, use the following example:
    <domino>\jvm\bin\keytool -genkey -v 
       -alias "Traveler" 
       -validity 9999 
       -keystore traveler.jks
       -storepass <password>
       -keypass <password>
    Note: For IBM® i, the keytool is located at: /QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/bin or /QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/bin

    It is recommended you use the same password for the storepass and the keypass. If the password parameters are omitted, the keytool will prompt for them.

  2. Copy the traveler.jks that was just created to each server. A suggested location is <domino data>\traveler\cfg. It is important for the servers to use the same certificate file, so the keytool command should not be run on each server.
  3. Open a command prompt.
  4. Change the directory to <domino data>\traveler\util.
  5. Run travelerUtil to configure IBM Traveler to use SSL:
    travelerUtil ssl set keystore=<domino data>\traveler\cfg\traveler.jks key=<password>

    Specify the same password that was used for the storepass and keypass parameters with the keytool command.

After making these changes, both the Traveler task and the HTTP task must be restarted on the IBM Traveler Server. When the IBM Traveler server restarts, it will use SSL sockets to communicate with other IBM Traveler servers.

Repeat these steps for each IBM Traveler server in the pool. All the IBM Traveler servers in the pool must be configured the same way; otherwise, they will not be able to communicate with each other.