HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add a new idea Subscribe
Status Needs Clarification
Workspace Domino
Created by Guest
Created on Sep 13, 2023

RELATED IDEAS

Auto update of CA root certificates

Customer want to update CA root certificates in Domino/certstore.nsf automatically, when they are updated.

Currently, they are updated by upgrading Domino. (major upgrade or fix packs)

  • Attach files
  • Guest
    Reply
    |     Oct 10, 2023

    From where would those trusted roots be updated?
    Who makes sure they are valid and really trustworthy?
    The TrustedRoots in Domino directory are populated from pubnames.ntf which is feed with trusted roots from the cacerts shipped with LibCurl currently.

    certstore.ntf only ships trusted roots for Let's Encrypt.

    Any other trusted root needs to be explicitly imported by an admin to make it trusted.

    certstore.nsf is used for specific application trusts. Not for client or trusted etc.


    See the following documentation for details --> https://opensource.hcltechsw.com/domino-cert-manager/trusted_roots/
    Can you describe in more detail what flow you are thinking of to get trusted roots and from where with this background?


Copyright © 2023 HCL Technologies Limited