HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add a new idea Subscribe
Status Under Consideration
Workspace Domino
Categories Security
Created by Guest
Created on May 16, 2019

RELATED IDEAS

The ability to delete certificates from a server's ID file especially for SAML enabled servers

Currently when creating a IdP Configuration document if the certificate name must be unique as the certificate is stored in the server's ID file, which is an issue when you wish to create new IdP configuration documents for the same server and wish to use the same company name as mentioned in the following documet

https://www-01.ibm.com/support/docview.wss?uid=swg22013896

It would be helpful to be able to delete old certificates from the server's ID file so that when creating a IdP Configuration document that the same company name can be used.

 

  • Attach files
  • Guest
    Reply
    |     May 11, 2022

    I disagree with the previous commenter from 23 Nov, 2020.

    This feature does not exist.

    The following is from R12.0.1 FP1:

    certmgmt -?
       Command or option is not recognized
    help
    [...]
    CERTMGMT
      IMPORT      [overwrite]
      CREATE saml [overwrite]
      EXPORT saml [overwrite] pkcs12 
      EXPORT saml [overwrite] xml 
      REGISTER xml <filename>
      REGISTER p7b <filename>
      SHOW all
    [...]

    -> there is no delete option


    If we open a server.id in the Admin Client, the option "Delete from ID File" is greyed out when we select e.g. a saml certificate.

    So, there really is no option to delete obsolete certificates/keys.

  • Guest
    Reply
    |     Nov 23, 2020

    This is already a feature. There is a built in tool you can use with the Domino server console.

    Use certmgmt to view, import, export and delete certificates from the server's ID file.

    certmgmt -? to view the help file which provides syntax.

    If you'd like to use the GUI you can also copy the server's ID to the administrator's machine, and use the Admin client. Click Configuration > Certification > ID Properties. Browse to the server.id file that you copied, then click Your Identity > Your Certificates. Use the type switcher to change to Your Internet Certificates. Select/highlight the cert you want to delete from the list. Click Other actions > Delete from ID File.

    At this point you can put the updated ID file on the server and restart Domino.

Copyright © 2023 HCL Technologies Limited