Configuring Domino server to request a certificate
After you've run Certificate Manager (CertMgr) to create the Certificate Store (certstore.nsf), prepare the HCL Domino® server to request a certificate.
About this task
Procedure
- Review the Certificate Store (certstore.nsf) ACL. Administrators and Domino servers in the domain require Manager access and the Administrator role. LocalDomainAdmins and LocalDomainServers have this access by default.
- Configure the outgoing HTTPs port (443) on the CertMgr server. If the server connects to Let's Encrypt® servers through a proxy server, configure a proxy account in certstore.nsf. For more information, see Configuring CertMgr to connect through a proxy.
-
Use the notes.ini setting HttpPublicURLs to configure the Web server for which
the certificate is being requested to respond to HTTP requests on port 80 on the
.well-known/acme-challenge/URL:The following example uses the notes.ini setting HttpPublicURLs to define the .well-known/acme-challenge/ URL and to use an iNotes or Verse redirect login database:HttpPublicURLs=/redir.nsf/*:/.well-known/acme-challenge/*Note: For this Early Access drop, redirecting HTTP (Port 80) to HTTPS (Port 443) is not supported. -
Enable the required DSAPI filter on the Web server for which the certificate is
being requested:
-
If the Web server for which the certificate is requested is not the Domino
server making the request, complete these steps:
-
Restart the HTTP task on the Web server:
restart task http