Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino
Categories Administration
Created by Guest
Created on Nov 22, 2022

CSRs generated by CertMgr/CertStore do not support a mail address field

Some CA's accept a CSR only when there is mail address part of the request. They use the address to notify the customer when the certificate is about to expire.

In Certstore I can predefine the usual values (Company, Organization, Country, State), but mail address is missing. Please add it to the global defaults.

  • Attach files
  • Admin
    Thomas Hampel
    Reply
    |
    Dec 16, 2022

    You dont need the CA to send warning messages when the cert expires. This functionality is already provided by the Domino CertManager. See Health Check section of the configuration form.

  • Guest
    Reply
    |
    Nov 24, 2022

    Just checked. The back-end API supports the email attribute and also the CertMgr back-end reads the field.

    But at the time we decided, we don't want the field on the form. And you are the first one asking about it.

    Just tested and this is already in 12.0:

    You can add this field to the form: "ReqEmailAddress"

    CertMgr understands the field and will include the e-mail address in the CSR.

    -- Daniel

  • Guest
    Reply
    |
    Nov 24, 2022

    Can you explain why a server certificate should have an email address?

    Can you also provide examples of public CAs requiring the email attribute?

    Or is this more a customer defined workflow using this attribute to make their life easier?

    I did never hear that a e-mail address is required for a server certificate.

    The attribute emailAddress is usually used for the key useage emailProtection.

    Is this the attribute requested?