Prepare EWS API
1. files
The JAR files contained in the ZIP file are required in the <Domino program directory>\jvm\lib\ext directory
https://stanoc.atlassian.net/l/c/A71U6ZVm
Contents of the following ZIP must be placed in <Domino program directory> in subdirectory stanoc unpacked:
https://stanoc.atlassian.net/l/c/eGmMgb8K
The PowerHelper must be installed in <Domino program directory> in the subdirectory stanoc unpacked:
https://stanoc.atlassian.net/l/c/vBF13fut
2. customize the environment (Notes.ini)
2.1. patch
If the Domino Server is running version 9.0.1 FP10, it is mandatory to install the following JVM patch from HCL:
HCL Notes/Domino - HCL Notes Domino 9.0.1FP10 JVM Patcher SR6FP25 - Community
2.2 Domino JVM
It is helpful to provide the JVM with more memory - to do this, set the parameters in Notes.ini:
JavaMaxHeapSize=2048M
HTTPJVMMaxHeapSize=2048M
HTTPJVMMaxHeapSizeSet=1
Then stop and restart the Domino server HTTP task (a "tell http restart" command is sometimes not enough):
tell http quit
load http
2.3 Domino JVM TLS
A parameter for the configuration file for Java must be added to Notes.ini so that Domino uses HTTPS via TLS V1.2:
JavaUserOptionsFile=c:\ibm\domino\javaoptions.properties
The following line must now be entered in the specified file:
3. special features
3.1. proxy for the connection
In this case, the proxy must be deposited in two places:
3.1.1. for connections of the stanocServiceHelper:
In the <Domino program directory\stanoc adapt the file stanocServiceHelper.conf and deposit the data:
3.1.2. for connections with stanocPowerHelper:
To do this, you need to run the Domino service as a user and start a Windows session for that user and invoke PowerShell.
Enter the following (adjust data)
Then save the file and close it.
If it is not possible to run the Domino service as a user, you can also insert the code directly into the script in a central location.
3.2. transparent proxy that breaks and scans SSL connections
Since the Domino JVM does not use the certificate information from Windows, you have to store the certificate authority of the SSL scanning proxy in the Domino JVM as a trusted certificate authority.
Otherwise, the following error pattern may occur:
Make backup of the cacerts (<Domino program directory>\jvm\lib\security\cacerts )
Organize the certificate of the proxy CA in Base64 encoded format (it is usually distributed in the Windows certificate manager on all PCs) and store it in C:\Temp\ as sophos-ca.cer:
Import the certificate in a CMD session with administrator rights
Answer the query whether to trust the certificate with Yes/Yes
If necessary, the Domino service must be restarted