Query results for : Tools
Import & Export Internet Certificates Programmatically- 18 June 2015 - (0) Comments
Thomas Hampel
18 June 2015
We all know that admins are lazy. Being lazy can be helpful when you have development skills, especially for reducing the number of helpdesk calls by automating boring work.
How to import X509 certificates into a Notes ID when the certificate itself is stored in the Windows certificate store?
S/MIME Import / Export Automation
If needed, users can then export or import Internet Certificates directly from the Notes Client, but who wants to do that manually?
Even exporting the certificate from the Notes ID is too complicated for most users...
Looking for an automated way to export Internet Certificates, it turns out that pubnames.ntf contains some undocumented @Formulas for working with X509 certificates:
- @X509Certificates([Subject];UserCertificate;"");
  Returns the list of subjects of the internet certificates stored in the person document field named "UserCertificate"
- @Command([PKCS12ExportCertsFromNAB];UserCertificate;Certificate;Number;"0")
  Where "Number" is the element in the list returned by @X509Certificates
In my opinion those @Functions still show too many dialog boxes, so let's try to make it simpler.
The C-API documentation provides the required functions, namely PKCS12_ExportIDFileToFile and PKCS12_ImportFileToIDFile.
Wrapping both into a small script is easy...
'# Export the certificates of a Notes ID file into a PKCS#12 file
Declare Function PKCS12_ExportIDFileToFile Lib "nnotes" Alias "PKCS12_ExportIDFileToFile" ( _
	ByVal pIdFilename As String, _
	ByVal pIdFilepassword As String, _
	ByVal pPKCS12Filename As String, _
	ByVal pPKCS12Filepassword As String, _
	ByVal ExportFlags As Long, _
	ByVal ReservedFlags As Long, _
	pReserved As Any) As Integer
'# Import the contents of a PKCS#12 file into a Notes ID file
Declare Function PKCS12_ImportFileToIDFile Lib "nnotes" Alias "PKCS12_ImportFileToIDFile" ( _
	ByVal pPKCS12Filename As String, _
	ByVal pPKCS12Filepassword As String, _
	ByVal pIdFilename As String, _
	ByVal pIdFilepassword As String, _
	ByVal ImportFlags As Long, _
	ByVal ReservedFlags As Long, _
	pReserved As Any) As Integer
'# Export flag: write certificates only, leave private keys out of the PKCS#12 file
Const PKCS12_EXCLUDE_PRIVATEKEYS = &h00000001
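A small wrapper around the export call declared above, as an added example that is not part of the author's downloadable scripts. The function name ExportPublicCerts, the ERR_MASK constant (0x3fff, as used by the Notes C API to extract the error code from a STATUS) and passing a null pointer for the reserved argument are assumptions of this example.

```lotusscript
'# Added example, not the author's code. Place the Declare and Const lines in (Declarations).
Declare Function PKCS12_ExportIDFileToFile Lib "nnotes" Alias "PKCS12_ExportIDFileToFile" ( _
	ByVal pIdFilename As String, _
	ByVal pIdFilepassword As String, _
	ByVal pPKCS12Filename As String, _
	ByVal pPKCS12Filepassword As String, _
	ByVal ExportFlags As Long, _
	ByVal ReservedFlags As Long, _
	pReserved As Any) As Integer

Const PKCS12_EXCLUDE_PRIVATEKEYS = &h00000001
Const ERR_MASK = &h3FFF   '# assumption: low 14 bits of a Notes STATUS hold the error code

'# Hypothetical helper: exports certificates only, never the private keys.
'# Returns 0 on success, -1 if an argument was rejected, otherwise the Notes error code.
Function ExportPublicCerts(idFile As String, idPassword As String, _
	p12File As String, p12Password As String) As Long
	ExportPublicCerts = -1
	If Dir$(idFile, 0) = "" Then
		Print "ID file not found: " & idFile
		Exit Function
	End If
	If Dir$(p12File, 0) <> "" Then
		'# Do not silently replace an export that already exists
		Print "Target file already exists: " & p12File
		Exit Function
	End If
	Dim status As Integer
	'# The flag keeps private keys inside the ID file; the last argument is a null pointer
	status = PKCS12_ExportIDFileToFile(idFile, idPassword, p12File, p12Password, _
		PKCS12_EXCLUDE_PRIVATEKEYS, 0, ByVal 0&)
	ExportPublicCerts = status And ERR_MASK
	If ExportPublicCerts <> 0 Then
		Print "Export failed, Notes error code " & ExportPublicCerts
	End If
End Function
```

Passing 0 instead of PKCS12_EXCLUDE_PRIVATEKEYS writes the private keys into the PKCS#12 file as well, so that variant needs a strong file password and the file should be deleted after the import.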
Calling those APIs lets you import a certificate from a file, but often the certificate has already been deployed to (e.g.) the Windows certificate store.
It would have been easy to use a Windows API call to export a certificate into a file and then import it into the Notes ID using the Notes API calls above.
Unfortunately M$ discontinued support for CAPICOM after Windows XP... so we have to use old school methods such as command line tools like Certutil.
Still, with the resulting functions you can import and export X509 certificates from the Windows certificate store to the Notes ID and back.
ImportInternetCertificatesFromOSCredentialStore.lss
ExportnternetCertificatesToOSCredentialStore.lss
As usual, YMMV, so feel free to further optimize the code to fit your needs.
Please use at your own risk and report back any suggestions or improvements!
Special Thanks to Marcus Floeser for providing the screenshot.
Mail Rules Analyzer has been published- 29 September 2014 - (1) Comments
Thomas Hampel
29 September 2014
Today OpenNTF published one of my contributions: Mail Rules Analyzer.
It is a small tool for Domino Administrators to scan mail files on one or many servers to find out if any mail rule has been set up for external forwarding of mails.
The main use case is to analyze an environment in order to notify users who have such mail rules configured before preventing users from forwarding mails to external recipients.
Results can be grouped/sorted/analyzed later on. At present the tool will only scan for rules that will forward a mail to external recipients, but certainly there is room for further improvement...
Here are a few screenshots of the user interface:
Please post your comments and ideas in the feature requests section of the project.
This is just the first publication out of a number of tools which our team has developed over time; we expect to publish them one by one in the near future.
Special thanks to Julian Robichaux for allowing the design reuse of the OpenLog template.
References:
- OpenNTF Mail Rules Analyzer
- Technote #1245022 - Preventing users from forwarding mail using a Send Copy To rule
Making Internet Mail Secure with just a few clicks - S/MIME in Domino- 9 May 2014 - (0) Comments
Thomas Hampel
9 May 2014
I'm wondering why internet mails are still sent unencrypted, at least to a large extent. You should not make it too easy for your enemy to spy on you just by sniffing your internet traffic. This blog post is a reminder for Domino admins who still force mail to be sent unencrypted over the internet to take action now. No, I'm not talking about transport level security for now; this post is about providing end-to-end encryption.
After having read the-dummies-guide-to-2048-bit-ssl-self-signed-certificates-in-domino.htm you are ready for securing your internet email with S/MIME.
So let's roll out S/MIME certificates to Notes users in a Domino domain:
Basic steps are:
1. Create a key ring file that contains a self-signed (or trusted) certificate
For more information on how to create a self signed CA, read the-dummies-guide-to-2048-bit-ssl-self-signed-certificates-in-domino.htm
2. Set up the CA process in Domino
Nobody wants to deploy S/MIME certificates to users manually, so it is recommended to set up the CA process in Domino,
otherwise an Admin needs to enter the password of the keystore every time a new user is being registered.
3. Migrate an (internet) Certifier into the CA
Just read and follow the instructions for migrating an existing Certifier/KeyRing, or create a new one using the step by step instructions starting with slide #89
Remark: You must refresh the CA process in order to see the newly migrated certifier, use the server command "tell ca refresh" and "tell ca status"
4. Rolling out Internet Certificates to Users
Follow instructions for Issuing Internet certificates in a Person document or use the step by step instructions starting with slide #149
Here the CA process becomes very handy when the rollout is done in waves.
Done!
Once AdminP has completed, the Notes Client will pick up the new keys the next time it authenticates with the Domino server and the new S/MIME certificate will then be merged into the user's ID file.
If an IDVault is in use, the Notes Client will then upload the ID file to the vault automatically.
What about Step-by-Step deployment instructions?
Those have already been provided by Tom Truitt in his Lotusphere 2011 presentation SHOW104 - Crispy Certificates with Spicy SSL Salsa
One might also want to know how to enable S/MIME in BlackBerry Enterprise Service 10 and should keep in mind S/MIME in IBM Notes Traveler still seems to be an issue (Reference Technote #7039769 )
How to obtain the internet certificate's public key of a user?
When receiving internet mail, users of the same domain can pick up the public key of a user from the Domino Directory, but users receiving mail from the internet need to ask the sender for a signed email and then add the sender's internet certificate to the local address book manually. The option can be found in the "Add Sender to Contacts" dialog box...
at the very bottom there's a small check box...
Now you can send encrypted mail(s) via the internet - sniffing network traffic won't provide the mail body in clear text anymore.
Of course enabling S/MIME for external communication is just a first small step and you know it's not a perfect way to protect your privacy forever.
Overall, this is just some very basic knowledge every Domino administrator should have applied for years, but unfortunately...
Yes, there is more to say about S/MIME in Domino, a lot more - so there will be another blog post about this topic.
Further reading:
- Quick guide to securing a Domino server with SSL using the CA process
- IBM Developerworks article "Enhancing e-mail security with S/MIME" by Chuck Connell
  http://chc-3.com/pub/Notes-Internet-Encrypted-Email.pdf
- Lotus Domino Certification Authority Tutorial
- Lotus Security Handbook
- Technote #1308138 Export the private key from a Domino keyfile by using IKEYMAN
- Import & Export an Internet certificate from a Person document
Unable to set/unset ’Record activity’ programmatically- 9 March 2014 - (0) Comments
Thomas Hampel
9 March 2014
One little checkbox in Notes/Domino which can cause some headaches is "Record activity", which can be found in the Database Properties / User Detail window.
Audit & Compliance teams as well as work councils love it...
...and they always have the same opinion on how to set it, right?
Yes, I know you can disable activity logging for all databases on a server to improve performance, but what if you need the opposite for compliance reasons? What if you need to enable activity logging for a few (hundred) databases at once, but not for all?
Developers of course will start searching the Designer documentation for a LotusScript class of some sort, realizing quickly that it doesn't exist.
The next step of your research would be the Notes C/C++ API Toolkits, which normally provide methods to resolve the toughest problems -- bad luck this time.
Fortunately there are clever business partners who seem to have found a way to mass-modify user activity settings by using the full version of the databaseEZ tool. (Thanks Ben for the hint)
Although this tool provides fast pain relief it is not always a perfect solution - think of situations where a large number of servers is involved, or where admins don't have manager access to mail files, or where the setting has to be set on a regular basis etc.
So unfortunately there seems to be no (easy) programmatic way to modify this flag, at least there is no ready-made C-API, LotusScript or Java class for changing it.
The problem has already been reported to IBM within SPR # MSTS9G3AVP
Download Connect 2014 presentation files- 13 February 2014 - (1) Comments
Thomas Hampel
13 February 2014
If you have not already managed to download the IBM Connect presentations with Stephan's instructions using CURL, here is a dummies guide for Firefox users.
Please note, those presentations are not publicly available - to download them you need to authenticate with your IBM Connect credentials which can be found here:
Step-by-step instructions:
1. If not already installed, get Firefox
2. Install the Plugin DownThemAll! ( for more information see http://www.downthemall.net/ )
3. Open page1 of the IBM Connect public files feed
4. Authenticate using the credentials (see your IBM Connect badge)
5. Right click on the page and choose "DownThemAll!..." to start the plugin
6. Set download options as shown below...
- Define where to store the downloaded files
- Set the filter to include only "Archives" & "Documents"
7. Start the download
8. Repeat steps 5 to 7 with page 2 of the feed
If everything worked out, you should have approx. 500 PDF files showing up in the folder specified above.
You might want to take a look at Chris Miller's IBM Connect and Lotusphere slides database which currently hosts ~55 slide decks from IBM Connect 2014 and is publicly accessible.
Furthermore Niklas Heidloff pulled together a list of app dev sessions from IBM Connect 2014 , some more presentations can be found by searching Slideshare.
Unfortunately not all presentations are available for download - some speakers did not grant permission to publish the slides, so there's some content that is only available to people in the room.
If you did not make it to Orlando there's a chance to attend local events such as the Rheinland Nachlese 2014 organized by TIMETOACT
Backup Notes ID on local computer- 14 January 2013 - (0) Comments
Thomas Hampel
14 January 2013
On special request of a customer, I'm posting a little LotusScript to back up the current NotesID locally.
Dim s As New NotesSession
Dim NotesID$, BackupID$, NotesData$
'# Read the data directory and the ID file name from notes.ini
NotesData$ = s.GetEnvironmentString("Directory", True)
NotesID$ = s.GetEnvironmentString("KeyFileName", True)
'# A drive letter (2nd character is ':') or a UNC prefix means the path is already absolute
If Mid$(NotesID$, 2, 1) <> ":" And Left$(NotesID$, 2) <> "\\" Then
	'# NotesID is located within Data Directory
	NotesID$ = NotesData$ & "\" & NotesID$
End If
Print "Current NotesID is : " & NotesID$
'# The backup is written next to the original and is protected only by the ID password
BackupID$ = NotesID$ & ".bak"
Print "Backup will be stored in : " & BackupID$
If Dir$(BackupID$, 0) <> "" Then
	'# Previous backup found, so deleting existing file and create a new backup
	Print "Previous backup found, so deleting existing file and create a new backup"
	Kill BackupID$
End If
Print "Creating a backup of your NotesID in : " & BackupID$
FileCopy NotesID$, BackupID$
MsgBox "A backup of your Notes User ID was created in " & Chr(13) & BackupID$
Creating PDF documents from within Notes/Domino- 3 December 2011 - (0) Comments
Thomas Hampel
3 December 2011
How can PDF documents be rendered from within a Notes application?
Converting Notes documents into Adobe's PDF format can be a challenging task.
Many different software add-on products for Lotus Notes/Domino are being sold to make this happen,
e.g. DominoPDF, which is being used by some of my customers - but in fact you don't need anything other than a Java component inside your application.
Simply by using the iText Library and a small piece of source code, you can add PDF conversion functions to your Domino application. Look at this video to see an example. The solution outlined here makes sense for embedding this functionality inside an application. For single computers, it's most likely enough to look at FreePDF (English), a freeware PDF converter which installs itself as a printer device.
Firefox Plugins you should have- 14 March 2011 - (0) Comments
Thomas Hampel
14 March 2011
Web Developer
http://www.heise.de/software/download/web_developer/36532
Very useful for uncovering clickjacking attempts.
HTTPS Everywhere
https://www.eff.org/files/https-everywhere-latest.xpi
Prevents identity theft via Firesheep.
Collaborate with an IBM employee via Sametime- 25 January 2011 - (0) Comments
Thomas Hampel
25 January 2011
I have been asked several times how customers can talk or chat with IBM'ers directly. It still seems that people don't know that they can get access to IBM's internal Sametime environment by using the ST web client.
Collaborate with an IBM employee via Sametime... here is an explanation how to do that:
You can also take a Video Tour
If you want to find the email addresses of the people you know inside IBM, see here
http://www.ibm.com/contact/employees/us/
Eclipse Update Sites- 9 November 2010 - (0) Comments
Thomas Hampel
9 November 2010
Customers and colleagues quite often ask where to find some special tools to extend their Lotus Notes client.
Using Eclipse Updates is a great method to extend the functionality of the client itself and to keep up to date in case of updates.
Here is a list of interesting Eclipse Update sites:
- SNAPPS - SidebarChart, ReCon Remote Console Sidebar, and more
  http://templates.snapps.com/widgets/SnappsUpdateSite.nsf/
- Jeff Gilfelt, SecretAgent, Formul8, and more
  http://www.jeffgilfelt.com/eclipseplugins/
- LotusLive Meetings
  http://www.conferenceservers.com/brands/SBS/LLMEETING_EN-US
- Epilio
  http://www.epilio.com/stupdate.nsf/site.xml
- Lekkimworld
  http://update.lekkimworld.com/attentionotes
- OpenNTF
  http://openntf.org/8625767000299513/site.xml
- Lotus Learning Plugin
  http://www-10.lotus.com/ldd/dominowiki.nsf/dx/learning-plug-in-for-ibm-lotus-notes
PS: Please let me know about other update sites on the internet which provide cool / clever enhancements for Lotus Notes or Sametime.
Productivity- 9 November 2010 - (0) Comments
Thomas Hampel
9 November 2010
Working in the IT business for several years brings a lot of experience in using different tools to increase our own productivity.
In this article I'm going to share some tools which I believe are essential for a Domino Administrator.
Workstation
- IBM Support Assistant
- GIMP, a freeware image editor for complex graphics
- Picasa, useful for managing a large amount of pictures
- SnagIT
- Camtasia Studio
- Total Commander, file manager for people who grew up without a mouse.
- FreePDF XP, create PDF documents by printing them
- VideoLAN
- Google Earth
- Notepad++
- Wireshark - an excellent network traffic analyzer
- FaJo TimeTool, a great freeware application to track time spent on different projects
- Dia or YEd as a replacement for Visio. Visio viewer will help
Lotus Notes Tools
- Teamstudio
- Ytria
- NotesPeek, lets you analyze Notes applications
Browser plugins (of course for Firefox)
- AI Roboform - store and manage your (Web-) passwords in a secure way.
- IBM Support Bar - direct access to support material of IBM
- Firefox Sync - sync bookmarks across different computers/operating systems, incl. sync to iPhone
- BetterPrivacy - delete supercookies on the fly
- FireBug - even if you're not a web developer, this tool is a must-have to analyze HTTP related problems
- NoScript - a must-have to keep a browser secure.
Other Interesting tools
- lucidchart.com - a browser based alternative to Visio
Create an Impressum- 7 August 2010 - (0) Comments
Thomas Hampel
7 August 2010
Publishing on the web isn't easy these days; often it just takes a few days until someone complains that your web site doesn't meet the legal requirements.
A first start is to use a little helper like the one on this web page to create a basic Impressum which might already fit your needs.
http://www.e-recht24.de/impressum-generator.html
Unfortunately you almost have to study law in order to build an Impressum that will fulfil all legal requirements of your country, so it's worth spending a few bucks to consult a lawyer.