Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.


SSL Certificate management

The process for managing SSL certificates since the implementation of TLS 1.2 is so convoluted.

We need a replacement for certificates requests database

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jul 24 2018
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 24, 2018 14:04

    or better documentation for openssl process...

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 24, 2018 14:05

    that costed me 5 days to enable ssl on a server with kyrtools and openssl :) 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 24, 2018 14:42

    Use LE4D by midpoints

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 24, 2018 21:33

    Since 901FP5 (approximately) you don't need OpenSSL or KYRTOOL.  Certca.ntf works with SHA2 and TLS1.2 same as it always did before as long as your server and Administrator are current.  Ignore the Technote - it's obsolete.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 28, 2018 00:01

    Correction: csrv50.ntf, version 9.0 (10/31/2012)

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 30, 2018 07:39

    It's csrv50.ntf I'm talking about - Server Certificate Admin

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 16, 2018 22:46

    Maybe this request and this request (HTTPS/TLS: Handle standard .pfx/SSL Certs better/easier for SSL/TLS) should be combined?

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 28, 2018 23:45

    Oh, so true!

    Not to mention that the security tab of the Web Site config doc isn't used for anything but the cert file name. Even that new verison of the app is a bit clunky, with having to refresh, then do a form, then refresh, then import the signed certs, and nothing in the app says to install the top level, then mid level(s), and then server one. The app needs a workflow refresh. Also, all my certs are now in my kyrtool files, so I've just stuck with the more OS terminal of work.  I also think both this one and the TLS certs suggestion are linked.