Certificate Manager enhancements
Certificate Manager (CertMgr) includes the following enhancements for HCL Domino 12.0.1.
Certificate import and export
The Certificate Store database (certstore.nsf) now provides a user interface for importing existing TLS credentials in files into TLS Credentials documents. Previously, you could do this only by using the certmgr command options -importkyr -importpem. In addition, when importing or creating new credentials, you can allow the credentials to be exported to a file that is encrypted for the server. PKCS12 and PEM are allowed file encryption formats. For more information, see Upgrading TLS credentials and Exporting credentials to a file.
Micro CA for testing
You can now use certstore.nsf to create TLS certificates from a "Micro" certificate authority (CA). These simplified certificates are intended for testing. For information, see Creating certificates from a micro CA.
New CertMgr commands
- tell certmgr show certs shows information about the currently loaded TLS credentials in certstore.nsf.
- tell certmgr show ocsp uses Online Certificate Status Protocol (OCSP) to show the revocation state of TLS credentials in certstore.nsf.
- load certmgr -showcerts shows information about the currently loaded TLS credentials in certstore.nsf. Can be used on a server that doesn't run CertMgr.
- load certmgr -ocsp uses Online Certificate Status Protocol (OCSP) to show the revocation state of TLS credentials in certstore.nsf. Can be used on a server that doesn't run CertMgr.
DSAPI filter no longer required
- If you have the DSAPI filter (n)certmgrdsapi specified in your Server document or Internet Site documents, remove it from the configuration.
- The notes.ini trace and debug settings are updated to match the HTTP server task naming conventions: HTTP_CertMgr_Verbose=1, HTTP_CertMgr_Debug=1.
- The notes.ini setting CertMgr_AutoConfig is no longer needed or available.
- The CertMgr -c option is no longer needed or available.