HCL Notes Crash While Importing PKCS12 Database to the HCL Domino Certificate Manager

While I was working with HCL Domino Certificate Manager (CertMgr), which btw. is awesome, I encountered an issue, that caused HCL Notes to crash.

Namely, the import of a seemingly valid PFX file (PKCS12 database, downloaded directly from the customer’s TLS provider’s site) caused the HCL Notes to crash, after which the certificates and the private key contained in the file, were not imported. I could reproduce the issue with the same PFX file in multiple environments running HCL Domino 12.0.2 FPx, HCL Notes 12.0.2 as well as HCL Notes 14.0.

Upon closer inspection of the PFX file using OpenSSL, I’ve found that the Message Authentication Code (MAC), used to verify and protect the integrity of the PKCS12 database, was missing. This could be observed by issuing the following OpenSSL command:

openssl pkcs12 -in testNoMac.pfx -passin pass:testNoMac -passout pass:testNoMac -info

The output of the command, using OpenSSL version 3.1.2:

Warning: MAC is absent!
PKCS7 Data
Certificate bag
Bag Attributes
localKeyID: 24 FB 6A AF B8 E6 C7 73 F1 F0 71 EF E7 7E 6D 79 14 A7 B4 07
subject=CN = site.server.com
issuer=C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIE9DCCA9ygAwIBAgISBCP4MnSnMtntgtWJ9eTtay33MA0GCSqGSIb3DQEBCwUA

Looking into the matter a little bit further, I was able to produce PKCS12 databases using OpenSSL, for testing purposes, without MAC by using the “-nomac” switch, for example:

openssl pkcs12 -export -out testNoMac.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -nomac

Note: I don’t know why you would want to produce a PKCS12 database without MAC, if you know of a valid use case for doing so, please let me know.

Every PKCS12 database I’ve produced with “-nomac” switch would successfully crash HCL Notes. 🙂

As a workaround, I’ve imported the certificates and the private key needed, using the PEM format, which is also accepted by the HCL Domino Certificate Manager.

This issue is currently being inspected and, at the time being, I don’t have the information about which component, on the HCL Notes client, is causing the crash. I hope this saves you some time if you encounter the same issue.

UPDATE: In the meantime, it’s verified that the missing MAC information from the PKCS12 database is causing HCL Notes to crash. This issue has been reported and tracked under the SPR # DNADD46LU5.

HCL Notes – Swiftfile Not Working as Expected

When using the “preview pane” in HCL Notes, and clicking on a folder, suggested by SwiftFile, the “move to folder” dialogue would sometimes come up. This was happening to my client, in about 1 of 20 cases

Screenshot of the issue described above.

I tried numerous things to resolve this issue, but in the end, the only thing that helped was rebuilding the Swiftfile index, which can be done in your HCL Notes “Preferences” menu (open your mail database and navigate to “More –> Preferences –> Mail –> Swiftfile –> Rebuild index )” as displayed in the screenshots bellow:

After rebuilding the index, the issue hasn’t occured again and HCL Notes Swiftfile was working as expected.

HCL Domino – Contact Sync Issues

Recently, we came across some issues with contact synchronization between mobile devices using HCL Traveler, mail databases of HCL Notes users, and address books of the HCL Notes Roaming users.

To be exact, these are two separate problems which are described in the following Knowledge Base articles:

KB0099431

KB0097255

You might have the issues mentioned in the KB articles above, but haven’t noticed them yet, as the HCL Notes and HCL Traveler users will only have problems with synchronizing certain contacts “across the board”, namely those which are created on HCL Traveler devices. The issue will become more apparent with the users having more than one mobile device activated on HCL Traveler, as the contacts created on one of the devices will not sync to the other and vice versa.

There is a workaround for both issues, as stated in the KB articles mentioned above, which is to add the “AccessContacts” role to the owner of the mail database as well as to the roaming address book database, assuming the same user is also a roaming user. You can either do this manually or via LotusScript code provided by Domino Development, which you can find in the following Knowledge Base article:

KB0099761

Many thanks to the HCL Traveler team for confirming the issue and developing the workaround so quickly, as well as to the HCL Domino Development team for writing the code to implement the workaround.

New Fixes for HCL Notes 12.0.1 German Template

As of yesterday, a new version of HCL Notes 12.0.1 German mail template is available, which incorporates the fixes for the following SPRs:

SPR  # PDARCBQ86U >>  DOMI: MSTeams meeting is not getting updated with new URL when user opens the accepted reschedule invite

SPR  # PDARCC68MC >>  DOMI: Reschedule meeting notice displays the old url for MSTeams meeting when chair accepts the counter

You can find the new version of the HCL Notes 12.0.1 German mail template in the KB0097354 article.

Hope this helps! 🙂

Here it comes! HCL Domino & Notes v12 Beta 3

Today Luis Guirigay, Barry Rosen and Thomas Hampel showed us the HCL Domino & Notes Beta 3 of the Version 12. Guess what!? It is available on the HCL Flexnet site for download as of now! 🙂

Where to download the v12 Beta.

I will give my best to list the most important takeaways from the today’s webinar in the following.

This is the last of the planed Beta releases before the global launch of the HCL Domino and Notes Version 12.

Timeline and Components of the HCL Domino and Notes v12.

The latest beta release is available in the following languages:

HCL Domino v12 supported languages.

As of HCL Domino version 12, additional Linux server distributions are supported.

Additional Linux Platforms.

HCL Notes 64-Bit Basic Client for Windows is available for download, a release of HCL Notes 64-Bit Standard Windows Client is planned in the future.

HCL Notes 64 Bit Client Beta.

I was especially excited as I have seen the following slide:

The Active Directory Password sync looked perfect and polished in a Demo. It takes less than 5 seconds to sync a user’s password, since it was changed in Active Directory, to Domino.

The Backup Solution also looks great, the whole backup and restore process can be controlled inside one new Domino Database. In a Demo, the restore process certainly looked fast and easy, Thomas restored some deleted Mails and Folders with ease.

New Domino Backup and Restore Database.

The backup and restore process should now be possible with most backup software vendors.

Architecture of the HCL Domino v12 backup/restore solution.

There are also some news about licensing, the CCB/CCX Licenses can now be tracked easily inside Domino, no matter how complicated your environment is.

HCL Domino & Notes Entitlement Tracker Demo.

HCL Nomad Web will also be publicly available with HCL Domino and Notes v12.

If you would like to participate in the Beta program, you can do so, HCL is open about it and they will welcome any feedback. You will need to register for an Account and afterwards you will be able to access the beta forum.

And last but not least, make space in your calendar for the HCL Domino and Sametime Launch Event on June the 7th.

Happy Testing! 🙂