Start/notes.ini Parameters/COS_SKIP_SSL_VERIFY

COS_SKIP_SSL_VERIFY

Parameter: COS_SKIP_SSL_VERIFY
Short description: For DAOS Tier 2 (S3/MinIO over HTTPS): skips verification of the SSL certificate. Intended only for self-signed certificates.

Profile

Parameter
COS_SKIP_SSL_VERIFY
Category
DAOS (Tier 2 / cloud object storage)
Available since
At least 11.0.1 (HCL documentation)
GUI equivalent
notes.ini only (no GUI)
Possible values
1 = skip SSL verification · not set / 0 = verify (default)
Default
Not set (= full SSL verification)

Description

According to the HCL product documentation (DAOS Tier 2 with MinIO):
To use secure connections over HTTPS, load the SSL certificate on the MinIO server, following instructions in the MinIO documentation. If the certificate is self-signed, add the following notes.ini setting to the Domino server: COS_SKIP_SSL_VERIFY=1.
With COS_SKIP_SSL_VERIFY=1, the administrator instructs the Domino server to skip SSL certificate verification for HTTPS connections to the DAOS Tier 2 object storage. The switch is intended for environments in which the object storage uses a self-signed certificate — e.g. local MinIO test instances.
In production, a certificate properly signed by a trusted CA should be used instead, and this switch should not be set.

Example configuration

COS_SKIP_SSL_VERIFY=1

Notes & pitfalls

  • Security risk in production — disables protection against man-in-the-middle attacks on the connection to the object storage. Data is still encrypted, but the identity of the endpoint is not verified.
  • Alternative without TLS: COS_USE_HTTP=1 (completely unencrypted).
  • With correctly installed certificate trust on the Domino server, do not set.
  • After successful activation, the server writes AWS:AWSSelfTest: Success. AWS connection for DAOS is up and running. to the console.
  • Server restart required after change.

Sources (HCL Product Documentation)