SECURING

Running CertMgr
Configure CertMgr to start automatically by adding CertMgr to the ServerTasks notes.ini setting or by scheduling it to run in a Program document. The first time it runs, it creates the Certificate Store database (certstore.nsf).

CertMgr can be run on Domino 12 servers on Windows and Linux platforms, including supported containerization platforms such as Docker. Starting with Domino 12.0.2, CertMgr is provided with Domino on AIX too.

One server in a Domino domain should function as an administrative server that runs CertMgr regularly and processes certificate management requests. The Domino administration server for the domain is a good choice.

The Domino web servers in the domain function as clients with replicas of certstore.nsf. CertMgr can be run once on the web servers to create replicas of cerstore.nsf. If the web servers continue to run CertMgr, the task automatically replicates certstore.nsf at a frequent interval. You can manage replication of certstore.nsf yourself without continuing to run CertMgr on the web servers as long as you replicate certstore.nsf frequently.

Parent topic: Managing TLS certificates with Certificate Manager