NotesClass CertMgrUtils - Export / Import / Copy trusted roots into Domino Directory
Daniel Nashed – 25 February 2026 23:30:43
As part of an application I am working on, I wrote a Notes Class to manage TLS Credentials.
Of special interest was copying trusted roots from CertStore into the Domino Directory, because this is needed for NotesHTTPRequest in Lotus Script since 14.5 by default on servers.
There isn't any automation to import trusted roots, but there is a simple way to import trusted roots into certstore.nsf by generating a request.
The resulting document can be copied into the Domino Directory, but the document needs to be mangled a bit.
Function CopyTrustedRootToDominoDirectory (doc As NotesDocument, DominoDirectoryDb As NotesDatabase) As Integer
In addition to the trusted root functionality, I also added export and import functionality as easy-to-use functions.
There is a C-API call designed explicitly for use via LS2CAPI, used in a ScriptLib.
All functionality requires an existing document in certstore.nsf.
I might add more functionality over time.
Function CertStoreCreateExportableKey (doc As NotesDocument, ExportPassword As String) As String
Function CertStoreImport (doc As NotesDocument, ImportFilePath As String, CurrentPassword As String, ExportPassword As String) As String
Function CertStoreExport (doc As NotesDocument, ExportFilePath As String, CurrentPassword As String, ExportPassword As String) As String
For now it is mainly intended for my application. But if you need this type of functionality, I am happy to share the ScriptLib which contains the CertMgrUtils class.
- Comments [14]
1 Carl Tyler 25.02.2026 22:51:26
I'd love this library. I'm always trying to remember the keytool commands and password whenever the ssl cert gets updated. This way I could automate it.
2 Daniel Nashed 27.02.2026 0:23:46
@Carl,
Domino CertMgr alone would help you for that.
The Lib is just for full automation to build solutions which are fully integrated.
You don't need the kyrtool any more.
Also most operations could be automated in Lotus Script in an easier way once you have the key in Domino.
All data besides the private key can be read with plain Lotus Script in PEM format.
The Lib will be what you need for special cases like pushing trusted roots to Domino directory.
Or when creating a private key automatically.
I am using this CertMgr lib for full end to end automation.
But for that you would also need the CA to be automated.
The standard flows are all dramatically simplified.
But yes, if you want full integration, I am happy to have you use the lib.
I am testing it in one of my applications right now.