The Unofficial Poster Child for Notes and Domino


Robert Baehr Tags Adobe Acrobat BaehrWare Domino Domino 10 Domino10 Domino2025 General HCL IBM Think IBMConnect2017 JSON Lotusphere Lotusscript Notes Smoker Sunday Technology	The Unofficial Poster Child for Notes and Domino You Are One Quarter Cup Of Coffee Away From SSL/TLS With Domino 12 Robert Baehr September 27 2021 04:56:59 AM Greetings: My SSL/TLS Certificates were due to expire, so I thought - what the heck - let's try the new CertMgr feature of Domino 12. I mean, what could possibly go wrong? Answer: Nothing! In case you haven't read about it yet, Domino 12 includes full integration with (and a lot of automation to) the Let's Encrypt free SSL/TLS certificate authority. I decided to start off with a cup of coffee - a little cream - a dash of splenda - and the Domino Administrator help database. After a quick NOTES.INI modification, and server restart, I entered the CertMgr.nsf database on my server. After completing two simple forms, and submitting my request, I was amazed that the SSL/TLS certificates that I requested were fully operational. I mean, I barely got to sip my coffee before the process was completed. No KYR - no STH files to deal with. No KYRTOOL and OpenSSL tools needed. No copy - no paste - no "retrieve certificate" needed. Thank you, HCL, for taking a cumbersome process and making it easy. It's the little things..... Now, where's the rest of that hot coffee? Cheers! Bob Baehr The Unofficial Poster Child for Notes and Domino. Comments [1] Comments 1Daniel Nashed 9/27/2021 6:22:51 AM You Are One Quarter Cup Of Coffee Away From SSL/TLS With Domino 12 Great it worked for your out of the box! IMHO this isn't a "little thing". It has been a major shift from the old legacy on disk KYR file format to a modern UI in a domain wide database to maintain and distribute X.509 web server certs for all your servers. This also includes a very easy to use manual flow to create CSRs and also to import the returned certificates. The flow allows to paste certificates in any order and also auto completes chains if the trusted roots are in the database. With 12.0.1 there will be full export and import for PEM, PKCS12 and KYR (only import). And if you are looking for wild card Let's Encrypt support there is an own interface for DNS-01 challenge support via DNS TXT API integrations. It is complemented with a completely new TLS Cache which detects and reloads TLS Credentials and allows to use RSA/ECDSA keys with multiple SANs and also wild-card lookups. If you are looking for details check this blog post and presentation --> https://blog.nashcom.de/nashcomblog.nsf/dx/domino-certmgr-openntf-webinar.htm -- Daniel Subject: Name: Email: Website: Add Comment:	Feeds Content Feed Comment Feed Recent Entries docuSign and Domino My Death App and NOMAD JSON Classes are BAD ASS Mapping A Drive Letter To You Are One Quarter Cup O Recent Comments JSON Classes are BAD ASS JSON Classes are BAD ASS You Are One Quarter Cup O Domino and PDF Data Trans Domino and PDF Data Trans Archives April 2023 (1) November 2022 (1) July 2022 (1) January 2022 (1) September 2021 (2) July 2021 (2) April 2021 (1) March 2021 (1) February 2020 (2) July 2019 (1) June 2019 (1) February 2019 (5) December 2018 (1) November 2018 (3) October 2018 (2) June 2018 (1) March 2018 (1) December 2017 (1) May 2017 (2) February 2017 (9)