Secure HTTP Login

How to ensure that your Domino HTTP usernames and passwords are secured during log in. Normal Domino logins are passed via clear text and can be easily captured by sniffers sitting outside of your firewall. This helps to encrypt those logins.
There are 8 steps that I use to ensure that Domino HTTP passwords are encrypted:

1. Enable Session Authentication on the Internet Protocols, Domino Web Engine section of the server document.

2. Follow the instructions in the Domino Administration help to configure and enable SSL.

3. Create a database with a special login form in it. A sample database can be found at
Under the Popular downloads, choose the Domino Custom Login Forms database.

4. Upload this database to the data directory on your server with the name DCLF.nsf (can be any name but will use this for example)

5. In the database properties of any database you are publishing via Domino, set the Web Access: Require SSL Connection to yes.

6. Customize one of the forms in DCLF.nsf to your companies colours, logos, etc.

7. Create a Domino Configuration Database named domcfg.nsf (must be in the root). In that database, create a mapping to a custom login form. Point to the DCLF.nsf and form that you set up in steps 3 and 4.

8. Recycle the HTTP service >tell http restart

You will notice that when you go to login, you are presented the form in DCLF.nsf that you modified earlier, you will also notice that SSL has been activiated on your browser. When you login, your User Name and password are now passed to the server under SSL.

This was first published in November 2000

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.