#dominoforever | Product Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Let's Encrypt certificate manager program to be available for IBM i

Certificate Manager (CertMgr) server task. This task runs on one server in a Domino domain and handles the certificate processing. It leverages new back-end security APIs and requires a HCL Domino® version 12 or higher server running on Docker, Windows, or Linux. This does not include OS400/IBMi

  • Guest
  • Jun 14 2021
  • Needs Review
  • Attach files
  • Guest commented
    26 Mar 05:38pm

    The TLS Cache is cross platform. Only the domain wide CertMgr task is only available on Windows and Linux. The component used for the HTTP-01 challenge was a DSAPI filter in 12.0 and is integrated into the HTTP task as an internal filter in 12.0.2. This also makes it available for OS400.

    The only component not available for OS400 is the CertMgr itself.
    And there is a good reason for it. First of all OS400 does not support ECDSA and there are some other detailed limitations.

    If you have other servers in your Domain running one of the supported operating systems, you can still request certificates. Only the HTTP component needs to be on the edge (DMZ) or available via a reverse proxy/load balancer from outside.


    In case of DNS-01 Let's Encrypt challenges no inbound connection is required.

    So there should be a way to implement what you need, with other servers.

    Ping me if you need help setting it up. I have blogged about some combinations.

    Daniel Nashed [https://blog.nashcom.de]

  • Guest commented
    28 Feb 12:37pm

    Need this. We currently have some domino servers in our DMZ in a special domino domain which have no windows or other servers other than IBM i.