Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

199 VOTE
Status Shipped
Workspace Domino
Categories Security
Created by Guest
Created on Jul 14, 2018

SNI support for Domino HTTPS

SNI (Server Name Indication) allows you to to use HTTPS for multiple websites on a Domino server without the requirement to have a separate IP address.

Today there is no way to support multiple HTTPS based websites with a single IP address.

 

See --> https://en.wikipedia.org/wiki/Server_Name_Indication

Daniel Nashed  [ https://blog.nashcom.de ]

  • Attach files
  • Guest
    Reply
    |
    Jun 23, 2020

    Hi All.

    Use the new keyring cache ini variable to expand the number of domain certs past the default memory usage limit of 10. Add this to the notes.ini: SSL_KYR_CACHE_MAX_SIZE=50.

    For us, at MW, the default 10 handled about 12 keyrings each containing one or more domains. HCL support says the cache is by the kyr file's cert file size (e.g. the CRT file that's imported), not the number of domains specfically. If you need more than the max 50, HCL needs to know. There is a new request to increase the limit to 100. If your Domino server runs many Web Site docs with lots of domain "aliases" (e.g. for marketing), you might run over the max 50 setting. https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-1310

  • Guest
    Reply
    |
    Jun 3, 2020

    Very strange to wait Domino 11.0.1 to get this.

    There is a workaround to host many HTTPS Websites with only one IP.

    I developped this for a big company (bank)...

  • Guest
    Reply
    |
    Mar 8, 2020

    Thanks HCL!!

    it will be implemented in Domino 11.0.1 (statement of HCL at Engage2020)

  • Guest
    Reply
    |
    Nov 8, 2019

    Without this I think there is a huge problem arguing for the plattform

  • Guest
    Reply
    |
    Jul 9, 2019

    My concern is with the Notes client.  Even if Domino does not feel it necessary to support SNI in its web functionality, this should have been addressed in the Notes client years ago, rather than being 'considered for future releases', otherwise Domino/Notes will continue to lose market share.  Major operating systems and browsers have supported SNI since 2012.  Use of SNI-enabled SSL certificates is growing as Google is driving website to implement HTTPS, which means a lot more 'red-X' issues when we copy web information into a Notes document.  See HCL case CS0008905 for more details.

  • Guest
    Reply
    |
    Jul 1, 2019

    It would indeed make things easier. Especially if you have your servers outsourced.

  • Guest
    Reply
    |
    Jun 19, 2019

    This is must for the future of the platform

  • Guest
    Reply
    |
    Jun 7, 2019

    Hello,

    Referencing this case number again for check point. TS002340855

    Customer asking for update if this will be featured/release on the upcoming fix packs or version of Domino. thanks! 

  • Guest
    Reply
    |
    Jun 3, 2019

    Once we moved to SSL, our customers' Internet document routing intermittently fails, requiring use of the entire path rather than simply customer.mycompany.com.  Going back to HTTP is not an option and making an investment in an IP address for every customer is prohibitive at this time.  

    Please take this on ASAP.

  • Guest
    Reply
    |
    Apr 8, 2019

    We currently work around this by keeping domino on HTTP only and sitting NGinX in front of it to do HTTPS/HTTP2. Seems to work quite effectively so far, supports SNI, single IP address.

  • Guest
    Reply
    |
    Nov 30, 2018

    Amen, Daniel!

  • Guest
    Reply
    |
    Nov 21, 2018

    We have our Domino server behind a haproxy load balancer. However due to HTTPS we currently need different IP adresses for each domain we host. Furthermore this results in a vast haproxy configuration file. Please bring this feature!

  • Guest
    Reply
    |
    Nov 20, 2018

    YES! A Must-have!

  • Guest
    Reply
    |
    Oct 8, 2018

    Yes, please, this is almost a requirement as more sites are requiring SSL, even for internal only traffic. Having to ask for a separate IP address for each web site is not going over well, plus adds more complexity to the configurations..

  • Guest
    Reply
    |
    Sep 28, 2018

    That would be huge help for several our our customers

  • Guest
    Reply
    |
    Aug 28, 2018

    Yes!

    This would free up a bunch of our external IPs.  I've done this via a reverse proxy, but then you have to maintain two server configurations -- not ideal - and definitely not the typical historical Domino way.

  • Guest
    Reply
    |
    Aug 14, 2018

    This would be a huge help especially for bringing Domino applications to the web. All major web servers support SNI.

27 MERGED

Domino Internet site document to not require an ip address for each SSL website connection

Merged
There are Domino servers that uses 100+ internet site documents that is working fine for HTTP connections. When there are changes in security requirements in their company, these documents must have a unique ip address for SSL connections(working...
over 5 years ago in Domino / Administration 1 Shipped
36 MERGED

Multiple SSL certificates on one IP

Merged
Add the possibility of having one SSL certificate per hostname not IP adress bound to the server.
about 5 years ago in Domino / Security 5 Shipped
19 MERGED

Improve support for TLS- wildcard / subjectAltName termination

Merged
Currently we need to configure a dedicated IP-address for each individual TLS-enabled Domino site on a single server.Working with wildcard or subjectAltName's certs, we can use a single certificate for multiple sites.Domino should accept the TLS-c...
about 5 years ago in Domino / Administration 1 Shipped