HashiCorp ACME with Domino CertMgr – a Beautiful Combination
Daniel Nashed – 30 March 2026 20:59:58
For my upcoming session at HCL Engage next month, I’ve been looking into additional integrations for Domino CertMgr. The guiding principle is simple: use standards wherever possible.One of the most important standards in this space is ACME. It has become the default protocol for automated certificate lifecycle management and is supported by virtually every modern toolchain.
Vault as an enterprise ACME CA
HashiCorp Vault is a modern, API-first PKI solution widely used in corporate environments. With built-in ACME support, Vault can act as a fully functional ACME certificate authority.
That makes integration straightforward:
- Vault provides the CA
- ACME provides the interface
- CertMgr consumes certificates
No custom code, no special handling—just standard protocol.
Why this combination works so well
Domino CertMgr was designed for automation. Pairing it with Vault via ACME creates a clean and robust setup:
- enterprise-grade CA
- fully automated issuance and renewal
- standard-based integration
Current work
I’m currently building a streamlined Vault setup to make testing and demos easier, including ACME-enabled configurations out of the box.
This allows quick validation of:
- Domino integrations
- short-lived certificates
- policy-driven issuance
Some of this will be shown at Engage conference.
- Comments [0]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}