#dominoforever | Product Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Let's Encrypt Certificate Exchange between Domino and SafeLinx

As Domino 12 is able to use Let's Encrypt for certificate management, enhance SafeLinx, so that it can use the certificates fetched/managed by Domino and the new Certificate Manager (CertMgr).

https://help.hcltechsw.com/domino/12.0.0/admin/wn_automating_cert_management.html

  • Guest
  • Jul 14 2021
  • Assessment
  • Guest commented
    18 Jun, 2022 08:42pm

    It's not just about CertMgr or ACME. But SafeLinx uses a standard format -- PKCS12.

    Integrations would be a lot easier if PEM would be supported.
    Separate the cert from an encrypted PEM key.

    I have built a couple of integrations for CertMgr and other sources.

    CertMgr uses standards. Everything is PEM based, and you have PEM and PKCS12 export options.

    ACME can work with redirects to any ACME client to port 80 and 443.

    There are many options.

    But this does not need to be CertMgr in all cases.

    When you store a new P12 on a SafeLinx server (with the right password) SafeLinx will switch to the new key/cert immediately.

    You can integrate CertBot and other solutions with SafeLinx.

    With an own ACME integration by HCL pushing an integration with CertBot, I would not expect HCL to implement it.

    But CertBot is an open source solution and pretty open. It's not more difficult to implement on your own.

    I personally find CertBot too complicated.

    CertMgr is much easier and flexible. But yes it is Domino based ;-)

  • Guest commented
    1 Mar, 2022 01:15pm

    I would like a more open Let's Encrypt support for SafeLinx instead of binding it to the Domino CertMgr.
    On Linux provide a SafeLinx plugin for Certbot, so that after a renewal SafeLinx can pick up the new cert and let SafeLinx handle the anonymous ./wellknown HTTP challenge. That should not be that complicated.
    On Windows use one of the widely used Windows ACME clients and provide a SafeLinx plugin, too.
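
A Certbot deploy hook along the lines both comments describe, as an added example that is not part of either post and is not HCL's code: it checks that the renewed key matches the certificate, repackages the PEM files as PKCS12, and renames the result into place. The target path and password file (`SAFELINX_P12`, `SAFELINX_P12_PASSFILE`) are assumptions, since the page does not say where SafeLinx reads its P12 from.

```shell
#!/bin/sh
# Added example: Certbot deploy hook that repackages a renewed PEM lineage as PKCS12.
# Assumed (not from the page): the SAFELINX_P12 and SAFELINX_P12_PASSFILE locations.

# pem_to_p12 LINEAGE_DIR OUT_P12 PASSFILE
# Returns 0 on success, 1 on missing input or OpenSSL failure,
# 2 if the private key does not belong to the certificate.
pem_to_p12() {
    lineage=$1; out=$2; passfile=$3
    cert="$lineage/cert.pem"; chain="$lineage/chain.pem"; key="$lineage/privkey.pem"

    for f in "$cert" "$chain" "$key" "$passfile"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # Refuse to deploy a key that does not match the certificate's public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 2; }

    # Build the P12 in a temp file next to the target (mktemp creates it 0600),
    # re-read it to confirm it parses, then rename it so the server never
    # sees a half-written file.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if openssl pkcs12 -export -in "$cert" -certfile "$chain" -inkey "$key" \
            -out "$tmp" -passout "file:$passfile" \
       && openssl pkcs12 -in "$tmp" -passin "file:$passfile" -nokeys >/dev/null 2>&1
    then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Certbot sets RENEWED_LINEAGE when it runs a deploy hook; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    pem_to_p12 "$RENEWED_LINEAGE" \
        "${SAFELINX_P12:?set to the P12 path SafeLinx is configured to read}" \
        "${SAFELINX_P12_PASSFILE:?set to a root-only file holding the P12 password}"
fi
```

Keeping the password in a file readable only by the hook's user keeps it out of the process list, which a `-passout pass:...` argument would not.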