Parameter:
KeyFile_Backup_DisableShort description: Disables the automatic backup of the KYR / PEM keyfile when Domino writes it – saves disk space and avoids “stale copies” of sensitive keys.
Profile
Parameter | KeyFile_Backup_Disable |
Category | Security / TLS |
Component | Server |
Available since | 12.0 |
Supported versions | 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | 0 = backup is created (default), 1 = no backup |
Description
When the server keyfile is changed or updated (e.g.
keyfile.kyr / .sth or PEM with the modern certmgr), Domino creates a backup copy of the previous file by default. This is a rollback safety net, but it leaves additional files with valid private keys on the server. KeyFile_Backup_Disable=1 turns these backup copies off – useful in environments with their own version management (e.g. certmgr + backup strategy) or strict compliance requirements on key traces.Example configuration
KeyFile_Backup_Disable=1
Notes & pitfalls
- Without a backup, a rollback after a failed certificate change is only possible via external backups.
- Takes effect from the next write operation onward (e.g.
tell certmgr renew).
- Useful in combination with active
certmgr(Let's Encrypt automation) and a central backup.
- Existing legacy backups are not removed retroactively.