Back to blog overview

Domino Security Check 2025 – Start the new year on a stable footing

The end of the year is the ideal time to check the Domino environment for security and stability. Unlike a comprehensive annual audit, the focus here is not on a complete analysis, but rather on a targeted check of key operational parameters. With a few structured steps, risks can be minimized and the foundation laid for a reliable start in 2026.

Purpose of the check

The Domino year-end security check serves as a short-term review of security- and operationally relevant system settings.
The focus is on:

• current patch and fix pack status,

• secure web and communication interfaces,

• Certificate management,

• Monitoring and logging functions.

This check complements the annual Domino audit – more compact, but with high practical benefit.

1. System status and updates

• Check that all Domino and Notes servers are up to date with the latest fix pack and hotfix version (e.g., Domino 14.5 FP1).

• Check the Windows patch level on all systems involved.

• Check if the Domino AutoUpdate service is actively used – especially in multi-server environments, this saves considerable maintenance effort.

Tip: Plan updates before the year-end lockout period to ensure a stable state at the turn of the year.

2. Web server technology for HCL Verse and HCL Nomad Web

• Check that the Domino web servers are correctly configured for Verse and Nomad Web.

• If you haven't already done so, activate CertMgr-based certificate management (certstore.nsf).

• Check HTTP access via TLS 1.2 and disable older protocols (TLS 1.0/1.1).

• Test the accessibility and performance of the web components both internally and externally.

Result: A clean web server implementation is a prerequisite for the secure operation of Verse and Nomad Web – and reduces support effort for client rollouts.

3. Certificates and encryption

• Check the expiry dates of all SSL certificates in certstore.nsf.

• Check if the automatic renewal process (CertMgr Task) is active.

• Check the configuration of the key lengths and hash algorithms (RSA ≥ 2048 bits, SHA-256).

• If any key rollovers are still pending: perform them before the end of the year to avoid authentication errors.

4. Logging and Monitoring

• Check that the most important log databases are configured and maintained (size control):

  • log.nsf, domlog.nsf, ddm.nsf, statrep.nsf.

• Check the status of active event notifications and monitoring agents.

Recommendation: Create a year-end archive of the log files to ensure clean starting conditions for 2026.

5. Authentication and Access

• Check the ID Vault synchronization and the status of user passwords.

• Perform a sample of ACLs in sensitive databases (mail, ERP, CRM).

• Check if modern authentication is enabled for web access – especially federated login for Nomad Web.

Conclusion

The year-end Domino security check is not a replacement for a full audit, but a targeted instrument for operational security.
With manageable effort, administrators can gain clarity about the current state of their infrastructure – and ensure a stable start to the new year.

Checklist – Domino Security Check 2025

1. ✅ Fix packs and Windows updates up to date

2. ✅ Domino AutoUpdate enabled (Download Option)

3. ✅ Web server for Verse and Nomad Web active and accessible via HTTPS

4. ✅ TLS 1.2 active, old protocols disabled

5. ✅ CertMgr active, certificates valid until ≥ 06/2026

6. ✅ Log and monitoring databases checked

7. ✅ ID Vault synchronized

8. ✅ ACL random sample testing performed

9. ✅ Federated login active

10. ✅ Backup and restore tested

Would you like to have your surroundings checked before the end of the year?
We support you with a compact Domino security check – individual, efficient and without interrupting operations.

11 November 2025 Back to blog overview