#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

SNI support for Domino HTTPS

SNI (Server Name Indication) allows you to use HTTPS for multiple websites on a Domino server without the requirement to have a separate IP address.

Today there is no way to support multiple HTTPS based websites with a single IP address.

 

See --> https://en.wikipedia.org/wiki/Server_Name_Indication

Daniel Nashed  [ https://blog.nashcom.de ]

  • Guest
  • Jul 14 2018
  • Shipped
  • Guest commented
    23 Jun 04:17pm

    Hi All.

    Use the new keyring cache ini variable to expand the number of domain certs past the default memory usage limit of 10. Add this to the notes.ini: SSL_KYR_CACHE_MAX_SIZE=50.

    For us, at MW, the default 10 handled about 12 keyrings each containing one or more domains. HCL support says the cache is by the kyr file's cert file size (e.g. the CRT file that's imported), not the number of domains specifically. If you need more than the max 50, HCL needs to know. There is a new request to increase the limit to 100. If your Domino server runs many Web Site docs with lots of domain "aliases" (e.g. for marketing), you might run over the max 50 setting. https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-1310

  • Guest commented
    3 Jun 01:40pm

    Very strange to wait for Domino 11.0.1 to get this.

    There is a workaround to host many HTTPS Websites with only one IP.

    I developed this for a big company (bank)...

  • Guest commented
    8 Mar 07:49pm

    Thanks HCL!!

    It will be implemented in Domino 11.0.1 (statement of HCL at Engage2020)

  • Guest commented
    8 Nov, 2019 02:56pm

    Without this I think there is a huge problem arguing for the platform.

  • Guest commented
    9 Jul, 2019 12:17am

    My concern is with the Notes client.  Even if Domino does not feel it necessary to support SNI in its web functionality, this should have been addressed in the Notes client years ago, rather than being 'considered for future releases', otherwise Domino/Notes will continue to lose market share.  Major operating systems and browsers have supported SNI since 2012.  Use of SNI-enabled SSL certificates is growing as Google is driving websites to implement HTTPS, which means a lot more 'red-X' issues when we copy web information into a Notes document.  See HCL case CS0008905 for more details.

  • Guest commented
    1 Jul, 2019 03:51pm

    It would indeed make things easier. Especially if you have your servers outsourced.

  • Guest commented
    19 Jun, 2019 12:21pm

    This is a must for the future of the platform.

  • Guest commented
    7 Jun, 2019 03:03pm

    Hello,

    Referencing this case number again for check point. TS002340855

    Customer is asking for an update on whether this will be featured/released in the upcoming fix packs or version of Domino. Thanks!

  • Guest commented
    3 Jun, 2019 01:08pm

    Once we moved to SSL, our customers' Internet document routing intermittently fails, requiring use of the entire path rather than simply customer.mycompany.com.  Going back to HTTP is not an option and making an investment in an IP address for every customer is prohibitive at this time.  

    Please take this on ASAP.

  • Guest commented
    8 Apr, 2019 09:35pm

    We currently work around this by keeping Domino on HTTP only and sitting nginx in front of it to do HTTPS/HTTP2. Seems to work quite effectively so far, supports SNI, single IP address.

  • Guest commented
    30 Nov, 2018 03:02pm

    Amen, Daniel!

  • Guest commented
    21 Nov, 2018 07:48am

    We have our Domino server behind a haproxy load balancer. However, due to HTTPS we currently need different IP addresses for each domain we host. Furthermore, this results in a vast haproxy configuration file. Please bring this feature!

  • Guest commented
    20 Nov, 2018 11:37pm

    YES! A Must-have!

  • Guest commented
    8 Oct, 2018 02:35pm

    Yes, please, this is almost a requirement as more sites are requiring SSL, even for internal only traffic. Having to ask for a separate IP address for each web site is not going over well, plus adds more complexity to the configurations.

  • Guest commented
    28 Sep, 2018 01:33pm

    That would be a huge help for several of our customers.

  • Guest commented
    28 Aug, 2018 11:22pm

    Yes!

    This would free up a bunch of our external IPs.  I've done this via a reverse proxy, but then you have to maintain two server configurations -- not ideal - and definitely not the typical historical Domino way.

  • Guest commented
    14 Aug, 2018 08:24pm

    This would be a huge help especially for bringing Domino applications to the web. All major web servers support SNI.