Important Domino 12.0.1 IF1 for customers using DAOS  

By Daniel Nashed | 1/10/22 2:50 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

This issue has been already in 12.0, but was discovered to late to be included into 12.0.1. HCL worked hard to get IF1 out ASAP. There was a hotfix already available end of the year. But IF1 take a bit longer than distributing a hofix -- there is more testing is involved.

Introducing Domino One-Touch JSON templating - Without manual JSON editing :-)  

By Daniel Nashed | 12/30/21 6:09 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Domino One-Touch setup with JSON format is really great stuff -- I love it since day one. But it might be a bit difficult to edit for many admins -- Even if you use an prepared template, you have to edit the JSON file in an editor to specify server name, etc. Using variables ala Helm or Ansible makes a lot of sense and if you leverage existing JSON config templates, you might get away with not editing JSON at all. Both using the {{ Variable }} syntax. But I am more used to the shell variable syntax: ${Variable}. So I implemented both.

Domino 12.0.1 One-Touch setup supports MicroCA and import existing certs  

By Daniel Nashed | 12/30/21 2:28 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Did you notice already that the One-Touch setup supports importing TLS Credentials for a first server setup? You can pass a *.kyr file, a PKCS#12 (*.p12, *.pfx) or *.pem file. The files can even have a password and you can mark the resulting TLS Credentials file for export with a new password! So the full import functionality added in Domino 12.0.1 CertMgr UI is exposed in One-Touch setup for ENV variable and JSON formatted setup!

Introducing a Lab CA for testing  

By Daniel Nashed | 12/30/21 2:27 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Domino 12.0.1 CertMgr provides a MicroCA for testing. You can create any type of TLS web server certificate for any name. The only restriction is that the private key cannot be exported and is recreated every time you renew the certificate. It's designed as a very easy to use, simple small CA. But this is already pretty cool for internal test environments. You can even deploy the trusted root into your browsers.

Why does certificate management need that complicated?  

By Daniel Nashed | 12/29/21 2:41 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Certificate management is not rocket science and it looks like we just have too complicated tooling. Why does certificate information need to be displayed that cryptic? And why does certificate conversion need to be that complicated with cryptic parameters? OpenSSL command line is the standard Swiss army knife. But why is it that complex to use? Probably because it has been written over the years and it is built by geeks for geeks .. Domino 12 comes with CertMgr and cerstore.nsf and is very easy to use. With 12.0.1 the export/import functionality can be used to convert certificates. And we are using it for customers already to convert certificates for external applications.