HCL Domino Ideas Portal
Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Creating a new private key is problematic.
We would need to have a pending new key and can't replace the key.
The CSR flow is a manual process which is not end to end automated, because of the nature of external CAs.
The best way is to create a new TLS credentials document with a new key and once the certificate is merged, delete the old TLS Credentials document or let it expire.
If we would change the key and the operation takes a while, you end up with no valid TLS Credentials document.
With ACME the operation works differently. We create the new key and CSR on the fly during the ACME flow.
That allows us to roll over the key.
The manual flow is a two step process in contrast with an unknown time delay. It could take days until the Domino team gets a certificate from another department.
Creating a draft new key would need a lot of new logic, which would confuse admins more than it would help.
IMHO having a new TLS Credentials document makes more sense to keep it clean.
If you want this type of flow and need the pending new key in the same document, that is a very specific request.
If there are no other customers who would need this option for the manual flow, we would need more customers requesting it.
For now you can just copy the settings from one document to a new document and create a new key.
Once done expire the existing document.
This can be automated with an own agent.