Before installing a SSL certificate on an IBM HTTP Server, which is used for IBM Connections applications, keep in mind that if the RSA key size exceeds 2048 Notes users won’t be able to access the data in Connections using “IBM Connections Plug-ins for Notes” via HTTPS.
If you do so the following errors will appear in Notes Client:
- Cannot connect to the Activities Server. Either the URL is incorrect, the server is down, or a firewall may be preventing you from reaching the server. Check the URL, your firewall settings and the server status and try again.
Notes client trace log errors:
- CWPST0306W: An exception occurred while invoking the target method login.
- javax.net.ssl.SSLKeyException: RSA premaster secret error
- java.io.IOException: RSA premaster secret error
- java.security.InvalidKeyException: Illegal key size or default parameters
The solution is to change the java policy files on a client with unrestricted java policy files. You can download the files needed from
You can check the version with the “java –version” command. You should do that in order to determine which version of java policy files you need.
In this case I would download and use “Files for older versions of the SDK”, from the URL mentioned above.
To exchange the java policy files, just overwrite the files with the downloaded files in “<Notes installation directory>\jvm\lib\security”. After that the “IBM Connections Plug-ins for Notes” will work as supposed.
You should also know that after updating the Notes client, the java policy files will be overwritten with default files and the problem will occur again.
I tested and reproduced this issue on Notes 9.0.1 FP2, FP3 and FP4 client.
I hope this will help you to take all precautions so that your Notes users won´t experience this error.