Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status No Plans to Implement
Workspace Domino
Categories Security
Created by Guest
Created on Jun 14, 2021

Let's Encrypt certificate manager program to be available for IBM i

Certificate Manager (CertMgr) server task. This task runs on one server in a Domino domain and handles the certificate processing. It leverages new back-end security APIs and requires a HCL Domino® version 12 or higher server running on Docker, Windows, or Linux. This does not include OS400/IBMi

  • Attach files
  • Admin
    Thomas Hampel
    Aug 12, 2022

    Sorry but I have to close this request with no plans to implement. For details see the previous comment. However, please continue to vote for this idea if you are interested.

  • Guest
    Mar 26, 2022

    The TLS Cache is cross platform. Only the domain wide CertMgr task is only available on Windows and Linux. The component used for the HTTP-01 challenge was a DSAPI filter in 12.0 and is integrated into the HTTP task as an internal filter in 12.0.2. This also makes it available for OS400.

    The only component not available for OS400 is the CertMgr itself.
    And there is a good reason for it. First of all OS400 does not support ECDSA and there are some other detailed limitations.

    If you have other servers in your Domain running one of the supported operating systems, you can still request certificates. Only the HTTP component needs to be on the edge (DMZ) or available via a reverse proxy/load balancer from outside.

    In case of DNS-01 Let's Encrypt challenges no inbound connection is required.

    So there should be a way to implement what you need, with other servers.

    Ping me if you need help setting it up. I have blogged about some combinations.

    Daniel Nashed []

  • Guest
    Feb 28, 2022

    Need this. We currently have some domino servers in our DMZ in a special domino domain which have no windows or other servers other than IBM i.