/
Prepare EWS API

Prepare EWS API

Owned by Lango: Language and translation manager
Last updated: Aug. 08, 2023
3 min read

1. files

The JAR files contained in the ZIP file are required in the <Domino program directory>\jvm\lib\ext directory
https://stanoc.atlassian.net/l/c/A71U6ZVm

Contents of the following ZIP must be placed in <Domino program directory> in subdirectory stanoc unpacked:
https://stanoc.atlassian.net/l/c/eGmMgb8K

The PowerHelper must be installed in <Domino program directory> in the subdirectory stanoc unpacked:
https://stanoc.atlassian.net/l/c/vBF13fut

2. customize the environment (Notes.ini)

2.1. patch

If the Domino Server is running version 9.0.1 FP10, it is mandatory to install the following JVM patch from HCL:
https://support.hcltechsw.com/community?id=community_blog&sys_id=3304eb0c1bae7810534c4159cc4bcb08

2.2 Domino JVM

It is helpful to provide the JVM with more memory - to do this, set the parameters in Notes.ini:

JavaMaxHeapSize=2048M HTTPJVMMaxHeapSize=2048M HTTPJVMMaxHeapSizeSet=1

Then stop and restart the Domino server HTTP task (a "tell http restart" command is sometimes not enough):

tell http quit load http

2.3 Domino JVM TLS

A parameter for the configuration file for Java must be added to Notes.ini so that Domino uses HTTPS via TLS V1.2:

JavaUserOptionsFile=c:\ibm\domino\javaoptions.properties

The following line must now be entered in the specified file:

3. special features

3.1. proxy for the connection

In this case, the proxy must be deposited in two places:

3.1.1. for connections of the stanocServiceHelper:

In the <Domino program directory\stanoc adapt the file stanocServiceHelper.conf and deposit the data:

3.1.2. for connections with stanocPowerHelper:

To do this, you need to run the Domino service as a user and start a Windows session for that user and invoke PowerShell.

Enter the following (adjust data)

Then save the file and close it.

If it is not possible to run the Domino service as a user, you can also insert the code directly into the script in a central location.

3.2. transparent proxy that breaks and scans SSL connections

Since the Domino JVM does not use the certificate information from Windows, you have to store the certificate authority of the SSL scanning proxy in the Domino JVM as a trusted certificate authority.

Otherwise, the following error pattern may occur:

  • Make backup of the cacerts (<Domino program directory>\jvm\lib\security\cacerts )

     

  • Organize the certificate of the proxy CA in Base64 encoded format (it is usually distributed in the Windows certificate manager on all PCs) and store it in C:\Temp\ as sophos-ca.cer:

     

  • Import the certificate in a CMD session with administrator rights

    Answer the query whether to trust the certificate with Yes/Yes

  • If necessary, the Domino service must be restarted