What's new in Beta 2

Here are descriptions of new features and enhancements introduced in Beta 2 and links for more information.

  • Automated TLS certificate management with CertMgr and certstore.nsf includes these enhancements for Beta 2. For the complete documentation, see Automating TLS certificate management.
    • Keyring files are no longer attached to the TLS Certificate documents created in certstore.nsf. Domino 12 servers are still able to read keyring files. The storage in certstore.nsf for certificates is PEM. All private keys are stored encrypted for Domino servers that have access. Only the CertMgr server can access the private keys associated with ACME accounts.
    • To take advantage of certstore.nsf functionality, the new command load certmgr -importkyr key.kyr|all is available to migrate a specific keyring file or all keyring files currently configured for a Domino server in a Server document or Web site document into a TLS Credentials document. The keyring files must use the extension .kyr. The keyring files remain on disk. For more information, see CertMgr command line parameters.
    • When you change the list of Domino servers that are allowed access to certificates in a TLS Certificate document, the private key is now automatically re-encrypted.
    • The new command load certmgr -MIGRATETOSERVER servername is available to migrate to a different CertMgr server by using the new server to encrypt all private keys. For more information, see CertMgr command line parameters.
    • Wildcard certificates are now supported for Let's Encrypt certificate operations that use DNS-01 challenges and for manual certificate operations.
  • One-touch Domino setup introduces two new top-level objects for JSON file input: appConfiguration used to configure applications and autoConfigPreferences used to specify preferences for running one-touch setup. In addition, the top-level object serverSetup supports some additional parameters. For more information, see One-touch Domino setup.
  • If not all servers enabled for DAOS use the same credential store, the new command keymgmt export sharedkey allows you to export a shared key from one credential store so that you can then import it into another. This allows servers across credential stores to share the key for object encryption. For more information, see Importing shared keys into another credential store.
  • Cascaded Multilingual User Interface (MUI) pack installer
  • Support for SameSite cookie
  • New Query Vault command options
  • New features related to the end-user experience