Getting data from an HTTPS site in backend using XPages

If you want to connect to an SSL protected site and get information it could be an webpage or a webservice if you are using xpages and the certifier isn’t already in Domino you need to import the certificates.

Open up the Domino Name and adress book navigate to Security -> Certificates

When you are in this view the action menu will have a new option

Select these and import each of the certificates that you have.

When they are imported you need to create a Cross certificate.

Go in to each one of the newly imported certificates and in the actions meny you will have create cross certificate create a cross certificate against the server. Make sure to change from Local to the server in registration server. When you are done.

Restart task HTTP on the server console and you should be able to connect.

If it’s an old Java agent this doesn’t work then you need to import the certificate in the keystore in the jvm.
If you are doing this let me know and I assist you.


  1. Hi Fredrik —

    “If it’s an old Java agent” — do you mean the new method doesn’t work at all for Java agents?

    I created a scheduled Java agent that connects to an https URL and it works fine if I use cacerts keystore in the jvm (on Domino 9.0.1 FP9). However, I can’t get the same certificate to work with using the Names and Address Book method that you described above.


    • Fredrik Norling

      What I mean is Java agent there is no new java agent. With new I mean XPages and java code libraries.
      I haven’t looked if it changes with FP10 and Java 1.8

  2. Hi, hope you are well – I am having issues sending the certificates via a web page (or Xpage) for an XML Soap Web Service Post request – if I run the agent (that calls the Java connection code) from the Notes client (with agent.runOnServer()) then it sends the certificates, but from a web page I get “SSL readHandshakeError”.

    The runOnServer connection works with below code but the web page does not seem to take effe-ect: your advise will be appreciated! – thanks

    FYI, the cert.jks is valid because the web service works from Postman and SoapUI

    =========== CODE =================

    String javaHomePath = System.getProperty(“java.home”);
    String keystore = javaHomePath + “\\lib\\security\\cert.jks”;
    String truststore = javaHomePath + “\\lib\\security\\cert.jks”;

    String storepass= “Password”;
    System.setProperty(“”, truststore);
    System.setProperty(“”, keystore);
    System.setProperty(“”, storepass);
    System.setProperty(“”, storepass);

    URL urlNew = new URL(urlStr);
    HttpsURLConnection con = (HttpsURLConnection) urlNew.openConnection();
    con.setRequestProperty(“Content-type”, “text/xml; charset=utf-8”);

    OutputStream reqStream = con.getOutputStream(); //(Fails here)

    con.connect(); // Optional

    responseCode = con.getResponseCode();

    • Fredrik Norling

      Sorry, I have never used an alternative keystore from a domino agent. I have always imported the certs in the keystore located in the domino folder. Looking at the paths I’m guessing that you are using Linux, does the domino service have write access to the keystore?
      Does the server document have a kyr file specified sometimes that is needed with ssl.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.