#dominoforever | Product Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Select the signing S/MIME certificate based on the used personal or team mailbox

When users (e.g. jdoe@acme.com) import a valid S/MIME certificate into their ID file, this enables them to send signed email. Usually the imported certificate will be set as their default signing certificate. The email listed in the certificate matches the users email used in their personal mailbox listed in the Domino Directory. Fine so far.

However, if users utilize the supported Team Mailbox functionality, they usually use a separate mailbox to send e.g. email with a different email address e.g. sales@acme.com. If they tick the sign checkbox in the team mailbox, they get a mismatch warning because jdoe@acme.com is different from sales@acme.com.

If these users import a S/MIME certificate for sales@acme.com, let's call that the group or team certificate, they have to designate either jdoe@acme.com or sales@acme.com to be their default signing certificate. They can not use both certificates simultaneously to either sign one or the other email address they are using.

I'd like to suggest that the Notes client selects the certificate from the ID file (ID vaulted) from the list of certificates in the ID file automatically if:

  • the certificate is valid (as it does now for the default case)

  • the email address in the certificate matches the team mailbox assigned address

The idea here is that users can use different mailboxes without a cumbersome switching of the default signing certificate. If this functionality is added, users can send signed email (to fight phishing) regardless of the mailbox they are using seemlessly.

Currently users have to decide which mailbox should be used for signing as only one default signing certificate can be used now.


  • ID switching is not an option from the usability point of view

  • adding the sales@acme.com to the default certificate is not an option

  • Guest
  • Jul 1 2022
  • Needs Review
  • Attach files
  • Guest commented
    1 Jul 09:23pm

    Tip: to use this team mailbox scenario with signing, I had to remove the email address from the location "Online" document of jdoe@acme.com. Otherwise Notes complains about the mismatch of jdoe@acme.com and sales@acme.com. Other than that, it works. Notes Client used: 12.0.1 FP1