To set up security for Internet site documents, you can enable TLS server and client authentication, name-and-password authentication, or anonymous access for Internet and Intranet clients.

About this task

To enable TLS for Internet sites, configure the TLS port on the server document and set up TLS on the server by obtaining a server certificate and keys from an Internet certificate authority.

You should be familiar with TLS authentication, name and password authentication, and anonymous access before completing these steps.

Note: You can prohibit access to an Internet site by selecting No for all authentication options in an Internet site document. These options include TCP authentication, TLS authentication, and TCP anonymous access.

Procedure

1. From the Domino Administrator, click Configuration -> Web -> Internet sites.

2. Choose the Internet site document to modify, and click Edit Document.

3. Click Security and complete these fields:

Table 1. Security for Internet site fields and descriptions

Field	Description
TCP Authentication
Anonymous	(Applies to all Internet sites, except IMAP and POP3) Choose one: Yes -- To allow anonymous access to this site No -- To prohibit anonymous access
Name & password	Choose one: Yes -- To require a user to authenticate with the user's name and Internet password to access the site No -- To not require name and password authentication
Redirect TCP to TLS	(Applies to Web Site only) Choose one: Yes -- To require clients and servers to use the TLS protocol to access the Web site No -- To allow clients and servers to use TLS or TCP/IP to access the Web site
TLS Authentication
Anonymous	(Applies to all Internet sites, except IMAP and POP3) Choose one: Yes -- To allow users access over the TLS port without authenticating with a name and password No -- To deny users anonymous access
Name & password	Choose one: Yes -- To require a user to authenticate with user name and Internet password in order to access this site using TLS No --To not require a name and password
Client certificate	(Applies to Web Site, IMAP, POP3, and LDAP) Choose one: Yes -- To require a client certificate for access to this site No -- To not require a client certificate
TLS Options
Key file name	Specify one of the following: If a certstore.nsf configuration is used, specify the host name of the server or any other certificate present in certstore.nsf for the server. If certstore.nsf configuration is not used, specify the kyr file.
Accept TLS site certificates	Choose one: Yes -- To accept the certificate and use TLS, even if the server does not have a certificate in common with the protocol server No (default) -- To prohibit the acceptance of TLS site certificates for access
Accept expired TLS certificates	Choose one: Yes -- To allow clients access, even if the client certificate is expired No -- To prohibit client access using expired TLS certificates
Check for CRLs	Choose one: Yes -- To check the certifier's Certificate Revocation List (CRL) for the user certificate you are attempting to validate. If a valid CRL is found and the user certificate is on the list, the user certificate is rejected. No -- To not use Certificate Revocation Lists
Trust expired CRLs	Choose one: Yes -- To use expired but otherwise valid Certificate Revocation Lists when attempting to validate user certificates No -- To reject expired Certificate Revocation Lists
Allow CRL search to fail	Choose one: Yes -- If the attempt to locate a valid Certificate Revocation List fails, proceed as if Check for CRLs is set to No. No -- If a valid Certificate Revocation List for the user certificate is not found, reject the certificate. If Trust expired CRLs is set to Yes, an expired CRL is valid. If Trust expired CRLs is set to No, the authentication will fail for every user certificate for which a matching valid CRL is not located.
TLS Security
TLS ciphers	Click Modify to change the TLS cipher settings for this site document. These settings apply only to TLS v3. TLS v2 ciphers cannot be changed.

Parent topic: Understanding Internet site documents on Domino servers

Related concepts
Understanding Internet site documents on Domino servers
Setting up an Internet certificate authority
Caching Internet password changes for SSO
Session-based name-and-password authentication for Web clients
Anonymous Internet and intranet access
Validation and authentication for Internet and intranet clients

Related tasks
Creating an Internet site document
Setting up the Web SSO Configuration document for more than one Domino domain
Setting up session-based name-and-password authentication
Setting up basic name-and-password authentication
Setting up Internet/intranet clients for anonymous access

Help on Help

All Help Contents

Help on Help