Adding trusted roots to Domino containers
Daniel Nashed – 5 April 2025 10:04:29
Linux and Domino come with a good set of public trusted certs. But in a corporate environment you often have to add your own trusted root for a corporate CA.
This starts with Linux which needs certificates to validate repository servers and other resources.
Domino trusted roots
But within Domino there are also trust stores which might need central management.
Domino Directory trusted roots and certstore.nsf trusted roots can easily be updated centrally.
But the following two trust stores are more difficult to manage:
- /local/notesdata/cacert.pem used for HTTP requests in LotusScript and other backend code using curl
- Domino JVM trust store used by Java
The cacert.pem file could be written by an agent.
But the JVM trusted roots are located in the binary directory, which is write protected.
The following document describes how this functionality works:
https://opensource.hcltechsw.com/domino-container/reference_custom_roots/
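For the cacert.pem case mentioned above, an added example (not code from this post or from the domino-container project) of updating a PEM bundle idempotently: certificates are compared by the SHA-256 of their DER bytes, and the file is replaced atomically so readers never see a half-written bundle. The function names are assumptions, and the sample blocks are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import os
import re
import tempfile

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Map SHA-256(DER) -> PEM block for every certificate in pem_text."""
    found = {}
    for m in PEM_RE.finditer(pem_text):
        der = base64.b64decode("".join(m.group(1).split()))
        found[hashlib.sha256(der).hexdigest()] = m.group(0)
    return found

def merge_roots(bundle_path, corporate_pem):
    """Append certificates missing from the bundle; return added fingerprints."""
    with open(bundle_path, encoding="utf-8") as fh:
        bundle = fh.read()
    present = fingerprints(bundle)
    missing = {fp: pem for fp, pem in fingerprints(corporate_pem).items()
               if fp not in present}
    if not missing:
        return []  # nothing to add: repeated runs leave the file untouched
    merged = bundle.rstrip("\n") + "\n" + "\n".join(missing.values()) + "\n"
    # Write next to the target, keep its permissions, then rename atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(bundle_path) or ".")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(merged)
    os.chmod(tmp, os.stat(bundle_path).st_mode & 0o777)
    os.replace(tmp, bundle_path)
    return sorted(missing)

def sample_pem(raw):
    """Constructed placeholder block (not a real X.509 certificate)."""
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

def demo():
    """Merge twice into a temporary cacert.pem; the second run adds nothing."""
    path = os.path.join(tempfile.mkdtemp(), "cacert.pem")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(sample_pem(b"public-root-1") + "\n")
    corp = sample_pem(b"corp-root") + "\n" + sample_pem(b"public-root-1")
    first, second = merge_roots(path, corp), merge_roots(path, corp)
    with open(path, encoding="utf-8") as fh:
        return first, second, len(fingerprints(fh.read()))
```

The fingerprints returned by `merge_roots` can be logged and compared against the value published by the corporate CA before the bundle is rolled out.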
For feedback, please open a GitHub issue in the project instead of commenting on this blog post.
-- Daniel