#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

 

Merged idea

This idea has been merged into another idea. To comment or vote on this idea, please visit ADMIN-I-10 The expiration date for ID vault certificate is not able to update.

Multiple problems managing ID Vault Trust Certificates Merged

When setting up the ID vault, the Vault Trust Certificates  and the Password Reset Certificates  are set to expire 10 years after creating them.  There is no way to change this.   These certificates expire without any warning.  Once they expire, administrators are no longer able to create new users because they cannot store the ID file in the ID Vault.

Lots of problems here that need fixing.

1.  Admins should have the opportunity to set the expiration date of the Vault Trust Certificate.

2. The system should provide a warning in the expiring certificates view of the Domino Directory.

3. The error message reported in the User Registration panel should be more explicit in what the problem is when the ID cannot be stored in the ID Vault.

4. The process of renewing the certificates requires manually deleting them from the Domino Directory and then creating them new.  There is no way to update the certificates.  (See this technote: https://www-01.ibm.com/support/docview.wss?uid=ibm10878126  )

5. The process of recreating the Vault Trust Certificates and the Password Reset Certificates (and in general managing the ID Vault) should allow it to use the CA process, not require having the organization certifier in hand.

-David Hablewitz

  • Guest
  • Feb 14 2020
  • Likely to implement