Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino Designer
Created by Guest
Created on Apr 17, 2019

Populate JDK keystore (cacerts) with SSL certificates from names.nsf on JDK startup

Opening SSL connections to other servers in Java often cause a SSLHandshareException, because the server SSL certificates are unknown.

You have to download them manually and use ikeyman.exe to import them into the cacerts file of the Domino server's JDK as described here: http://www-01.ibm.com/support/docview.wss?uid=swg21588966

Installing Domino updates like FP's resets the cacerts to the default again, breaking working web apps.

 

The names.nsf already contains a view to import internet certificates. Please read the imported certs on every JDK startup (e.g. when starting the OSGi runtime, running Java agents in Agent Manager) and add them to the JDK's keystore.

That way, certificates can be configured without remote desktop access to the server, just by using Domino Administrator.

 

Karsten Lehmann, Mindoo GmbH

  • Attach files