Support for Subject Alternative Name (SAN) field in X.509 certificates

Domino 11.0.1 now supports the use of X.509 certificates that contain a Subject Alternative Name (SAN) field. Certificates with a SAN field (extension) no longer require a Subject field containing a distinguished name for TLS connections.

Domino servers can now make TLS connections to endpoints that use a SAN in their TLS certificate. One of the benefits of this enhancement is it allows Domino servers to connect to Active Directory servers that run on Windows Server 2016 or later versions whose X.509 certificates require SAN.

In addition, you can generate certificates that contain a SAN when you add Internet certificates to Person documents through the CA process. To enable this capability, add the notes.ini setting ENABLE_CERTREC_SAN=1 to the Domino administration server.