Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Daniel Nashed's Blog

CertMgr Domino 12.0.1 List all currently used TLS Credentials

Daniel Nashed – 18 October 2021 07:31:27

Starting with Domino 12.0.1 Beta 2 you can show all currently used TLS Credentials on a server.
This helps to understand which TLS Credentials this particular user is currently using and reflects what is in the TLS Cache of each servertask.

The command is a server tell command ("tell certmgr show certs") on the CertMgr server and can be used via "load certmgr -showcerts" on other Window and Linux servers as well.

It shows also the kyr file name and expiration.
The Subject key identifier is shortened and just intended as reference to always find the right document in certstore.nsf.

See my example below...

-- Daniel

PS: I am using the KeyFile as a Tag in some cases and I am omitting the .kyr.
The kyr name is is only a virtual name not a physical file any more to allow mapping Internet sites to TLS Credential documents.


load certmgr -showcerts

  Subject key identifier    Key info     Expiration   KeyFile/Tag            Host names (SANs)
  ------------------------------------------------------------------------------------------------------------------------------------------------------
  30D8 7A17 9BA0 CA6E ...   RSA 4096      64,9 days   keyfile.kyr            *.nashcom.de
  07BB 3F58 13D7 4322 ...   NIST P-256    64,9 days                          *.nashcom.de
  9A98 A7EE 88BE 4200 ...   NIST P-256    25,6 days                          notes.nashcom.de
  4054 7282 65BC 23D5 ...   RSA 4096      35,2 days                          mail1.bücher.nashcom.de mail2.bücher.nashcom.de mail3.bücher.nashcom.de [+1]
  C71F CF82 4508 E456 ...   RSA 4096      63,8 days   rsa_domino_lab_net     *.domino-lab.net
  32BA 66E5 CC03 1E00 ...   NIST P-256    56,9 days                          *.csi-domino.com
  CD47 55CF 76C3 E3CF ...   RSA 4096      57,0 days   wild-csi-rsa           *.csi-domino.com
  19BB B3AA 5D90 7A6C ...   NIST P-256    62,3 days                          jupiter.csi-domino.com
  FEE0 5F49 34F7 BEC0 ...   NIST P-256   119,6 days                          harbor.nashcom.de
  73BC 43EB 0EB9 2CB5 ...   NIST P-256    49,1 days                          dnug.nashcom.de
  ------------------------------------------------------------------------------------------------------------------------------------------------------
  10 TLS Credentials

  18.10.2021 09:35:09   CertMgr: Shutdown


Recent Entries

Feeds

Links

    Archives

    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]