Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Command-Line is just not the right way.
This can be all done. We could document integrations in the HCL GitHub CertMgr repository:
Please raise issues here --> https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager
Maybe we should open the git repository for discussing ideas?
This would then lead to more documentation once discussed.
The interface to generate a CSR is pretty simple. As soon the TLS Credentials document is in manual mode and submitted, a CSR is automatically generated by CertMgr.
But the whole flow needs also the import part. of the certificates. Most customers do not have fully automated flows getting certificates.
Here is the flow:
Create a TLS Credentials document in manual mode and fill out the fields
Submit the request
Get the CSR and send it to your CA
Get the certificates from the CA and paste them into the TLS Credentials document
Submit the request again
CertMgr will import the certificates, complete the chain with trusted roots from it's trust store and validate the certificate chain and key combination
Once the document is in certstore.nsf of the server with access, the TLS Cache will automatially pick up the new entry in seconds
This can be automated with scripting. But there is no one size fits all approach for an integration.
I have not seen any customer requests for integrations. But there could be a simple integration interface like what is implemented for DNS-01 challenges.
-- Daniel Nashed
The CSR creation alone isn't much help. And a command-line option is not the right way to integrate from my view.
CertMgr uses a request based model. You can generate documents with Lotus Script and you can even use the Script Lib behind the Import/Export functionality for your own flows.
The CSR can be created adding all the information into the form and setting the right status.
CertMgr will create the CSR.
All formats in CertMgr are text based formats (PEM) and can be added via for example Lotus Script.
The CSR is also text. And even an exportable key is encrypted PEM.
Importing a certificate can be just updating the document with the pasted PEM and setting the status of the document to submitted.
Maybe I should add this to the agenda of my OpenNTF session this month.
-- Daniel Nashed