Home
What's new in Domino 12?
Learn about all of the new features for administrators in HCL Domino® 12.
What's new in 12.0.1?
HCL Domino 12.0.1 introduces the following new features.
Enhancements related to security features
HCL Domino 12.0.1 provides the following enhancements related to security features.
Certificate Manager enhancements
Certificate Manager (CertMgr) includes the following enhancements for HCL Domino 12.0.1.

What's new in Domino 12?
Learn about all of the new features for administrators in HCL Domino® 12.
- What's new in 12.0.1?
  HCL Domino 12.0.1 introduces the following new features.
  - Enhancements related to security features
    HCL Domino 12.0.1 provides the following enhancements related to security features.
    - ID files in mail files no longer used for vaulted iNotes and Verse users
      In this release, if an iNotes or Verse user has an ID file in the vault, the vaulted ID is always used for secure mail operations.
    - Certificate Manager enhancements
      Certificate Manager (CertMgr) includes the following enhancements for HCL Domino 12.0.1.
    - TOTP enhancements
      The following TOTP enhancements are provided in Domino 12.0.1
    - New algorithms for importing and exporting S/MIME and TLS credentials
      Domino 12.0.1 adds more flexibility and security by supporting new algorithms for the PKCS#12 and PEM functionality used for importing and exporting S/MIME and TLS credentials.
    - Use Notes Shared Login to secure server ID files
      The Notes Shared Login (NSL) functionality has been extended to securing server ID files.
    - More secure internet passwords supported when logging on to Domino Java console
      Administrators whose Internet passwords have the secure Internet password option Yes - Password verification compatible with Notes/Domino release 8.0.1 set can now log on to the Domino Java Console. Previously, this level of Internet password security was not supported for the Java console.
    - New qvault command option to update user data
      A new qvault command option, -p, allows you to update user data in the ID vault.
  - One-touch setup enhancements
    HCL Domino 12.0.1 includes Domino one-touch setup enhancements.
  - Silent installs supported for cascaded MUI pack
    Silent installs are supported for the cascaded Multilingual User Interface (MUI) pack introduced in V12.0
  - Beta version of 64-bit Windows clients
    A beta version of a 64-bit Domino Designer client, Administrator client, and Notes standard client for Windows (English-only) is provided through a separate installer.
  - Improved name lookup to find Active Directory users
    When Domino users want to add the names of Active Directory users or groups to Domino groups, database ACLs, or email messages, Active Directory can now be one of the directories that is available for them to search.
  - Auto-processing of rename requests
    A new features allows you to configure the Administration Process to automatically process rename requests for users who have Notes IDs in the vault. This feature avoids the need for a user to authenticate with a Domino server from the Notes client to kick off rename processing.
  - Entitlement tracking enhancements
    HCL Domino 12.0.1 provides the following enhancements to the Entitlement tracking feature.
  - Mail routing between Domino and domains with Internationalized Domain Names (IDNs)
    Domino mail users can now communicate with non-Domino mail users who use internationalized domain names (IDNs) in their email addresses.
  - DKIM signing for messages routed to external Internet domains
  - Hide folders in the Files tab of the Domino Administrator
    A new server notes.ini setting allows you to prevent specified folders in the Domino data directory from loading in the Files tab of the Domino Administrator.
  - Backup and restore enhancements
    V12.0.1 provides the following enhancements for backup and restore functionality.
  - New Updall options
    New Updall options are available.
  - Compact enhancement
    When you use the compact command with -c, -X, and -restart options, a file called <database>.restart is created when the time limit specified by -X is reached.
  - New Notes client notes.ini settings
    Use notes.ini settings to customize the following aspects of the Notes 12.0.1 client.
  - notes.ini setting recommendation for Windows Server 2022
    Windows Server 2022 is supported as of HCL Domino 12.0.1. If high-traffic mail or applications servers on this platform exhibit performance issues (high system CPU usage or hangs), to improve performance, use the notes.ini setting OS_DISABLE_CACHESET=1. This setting disables manipulation of the Microsoft File System Cache.
  - .ind file enhancements
    HCL Domino 12.0.1 provides .ind files enhancements.
  - R4.6 and R5 sections removed from Domino directory
    Sections of the Domino directory that pertained only to Domino R4.6 or R5 are removed in HCL Domino 12.0.1.
  - New Java Runtime Environment (12.0.1)
    A new Java Runtime Environment (JRE) is provided with HCL Domino 12.0.1 and HCL Domino Designer 12.0.1.
- What's new in 12.0?
  HCL Domino 12.0 introduces the following new features.
- Components no longer included in this release
  The following components are no longer included.

Certificate Manager enhancements

Certificate Manager (CertMgr) includes the following enhancements for HCL Domino 12.0.1.

Certificate import and export

The Certificate Store database (certstore.nsf) now provides a user interface for importing existing TLS credentials in files into TLS Credentials documents. Previously, you could do this only by using the certmgr command options -importkyr -importpem. In addition, when importing or creating new credentials, you can allow the credentials to be exported to a file that is encrypted for the server. PKCS12 and PEM are allowed file encryption formats. For more information, see Upgrading TLS credentials and Exporting credentials to a file.

Micro CA for testing

You can now use certstore.nsf to create TLS certificates from a "Micro" certificate authority (CA). These simplified certificates are intended for testing. For information, see Creating certificates from a micro CA.

New CertMgr commands

The following server commands are new:

tell certmgr show certs shows information about the currently loaded TLS credentials in certstore.nsf.
tell certmgr show ocsp uses Online Certificate Status Protocol (OCSP) to show the revocation state of TLS credentials in certstore.nsf.
load certmgr -showcerts shows information about the currently loaded TLS credentials in certstore.nsf. Can be used on a server that doesn't run CertMgr.
load certmgr -ocsp uses Online Certificate Status Protocol (OCSP) to show the revocation state of TLS credentials in certstore.nsf. Can be used on a server that doesn't run CertMgr.

DSAPI filter no longer required

The CertMgr DSAPI filter HTTP-01 challenge functionality is integrated in the HTTP task and is enabled by default. You no longer configure the DSAPI filter and it has been removed from the install kit. As a result:

If you have the DSAPI filter (n)certmgrdsapi specified in your Server document or Internet Site documents, remove it from the configuration.
The notes.ini trace and debug settings are updated to match the HTTP server task naming conventions: HTTP_CertMgr_Verbose=1, HTTP_CertMgr_Debug=1.
The notes.ini setting CertMgr_AutoConfig is no longer needed or available.
The CertMgr -c option is no longer needed or available.