Changes coming soon. Watch this space for updates on our new community.

Installing the Domino Command Line (CLI)

petter.olsson Member, Moderator, Domino Posts: 78 mod
  1. Click your username at the bottom of the main menu to download the CLI installer.
  1. Run the installer application.
  2. Open a new command prompt and run:
domino login <url>
  1. Replace <url> with the URL where you access Domino.
  2. When asked for your login information, use the username and password for your Domino account. You should see something like this:
$ domino login 

Enter your Domino username or email address
> username
Enter your password (typing will be hidden)

Congrats, you're all set!



  • polly.vondollen
    polly.vondollen Member Posts: 11
    edited March 2020

    Trying to login into domino locally and getting the following:

    domino login
    | Error! |
    Unexpected error: Couldn't validate the Domino URL you provided. Validation failed with: PKIX path building failed: unable to find valid certification path to requested target
    If you need more help, email [email protected] or visit

    Any ideas on how to resolve this?

    I can save the certificate from though unsure where that needs to go on my machine in order to let it know it's ok to access the URL.

    Background: want to sync a domino project with a OneDrive folder and likely can only do that locally, thus the need to run `domino login`

  • josh.mineroff
    josh.mineroff Member, Moderator, Domino Posts: 9 mod

    This issue is being caused by a missing certificate, and you're on the right track if you downloaded the certificate from the homepage of your Domino UI. Now you'll just need to add it to the Java keystore (in a file called 'cacerts'). To find the location of your cacerts file, you can run:

    echo $(/usr/libexec/java_home)/lib/security/cacerts

    You may need to install the Java SDK if this fails

    Now you can add your company's certificate to the keystore you just identified:

    sudo keytool -keystore PREVIOUS_RESULT -importcert -alias AN_ALIAS_NAME -file *

    If you're a Windows user: The keystore tool should be located in C:\Program Files\Java\jre-x-x\bin (replacing jre-x-x with your version)

    Now try to log into the CLI again. If you are still having issues, check that you added the certificate to the same location where Domino cacerts are stored. Run these commands to compare the paths and, if necessary, repeat the above process using the new path:

    echo $(/usr/libexec/java_home)/lib/security/cacerts
    echo $(which domino)/cacerts

    Please let me know if this solves your issue!

    Josh Mineroff | Field Engineer

  • josh.mineroff
    josh.mineroff Member, Moderator, Domino Posts: 9 mod

    For anyone reading this in the future, you can find the certificate by going to the Domino UI in Chrome and clicking on the lock next to the URL and then the "Certificate" option.

    Then you can click and drag the image of the certificate into your desktop or your Downloads folder to download the file.

    Josh Mineroff | Field Engineer

  • polly.vondollen
    polly.vondollen Member Posts: 11

    So I'm closer but still not 100%. I ran your steps above for the java directory which actually has path on my machine: (source:


    So I believe the certificate is updated there.

    There is no cacerts file in the path below.

    $(which domino)

    I tried running:

    sudo keytool -keystore PREVIOUS_RESULT -importcert -alias domino_cer -file *
    keytool error: Invalid keystore format

    I also tried simply copying the .cer file over to the domino directory but also didn't work, i.e. same error when trying to log into domino CLI.

    Anything else you can think of to try and resolve?

  • pankhuri.verma
    pankhuri.verma Member, Administrator, Moderator, Domino Posts: 19 admin

    When you run echo $(/usr/libexec/java_home)/lib/security/ , what result do you get ? Can you cd to that location and run ls ? You should be able to see cacerts file.

    Once you are in the security folder where cacerts resides, you can run the below command , you will need to replace this -<*> with the path and the name of the allstate certificate -

    sudo keytool -keystore cacerts -importcert -alias domino_cer -file <*>

  • polly.vondollen
    polly.vondollen Member Posts: 11

    When I run:

    MACHINE_NAME:~ pzieg$ $(/usr/libexec/java_home)/lib/security/
    -bash: [SHOWS ABOVE PATH]: No such file or directory

    Though the cacerts file exists here:

    MACHINE_NAME:~ pzieg$ ls $(/usr/libexec/java_home)/jre/lib/security
    blacklist		java.policy		trusted.libraries
    cacerts			policy

    I have successfully added the certificate here though theres an issue when trying to make sure it's also in domino cacerts location, see my comment above.

  • pankhuri.verma
    pankhuri.verma Member, Administrator, Moderator, Domino Posts: 19 admin

    Have you been able to login now -

    domino login

  • polly.vondollen
    polly.vondollen Member Posts: 11

    No, please see my first comment on this thread, I still get the same error.

  • zach.ingraham
    zach.ingraham Member, Administrator, Moderator, Domino Posts: 53 admin

    Hi Polly,

    Sorry you're having trouble getting into the CLI, the cert issues can be frustrating. If I understand correctly, you added the certs to the cacerts file in your default java directory, but that didn't fix the issue. That strongly implies your domino client isn't using the default Java. You also checked the Domino path for a dedicated Java/cacerts and didn't find anything there you can edit. Luckily, there are two relatively straightforward workarounds you can take from here.

    First, you can run:

    ➜ ~ domino --version
    Domino CLI Version: 3.6.12 (build a67acb8c-ffa9-4d27-8e8d-03b5978d945e)
    Running on Java Version: 1.8.0_181 by Oracle Corporation
    Running from path: /Library/Java/JavaVirtualMachines/jdk1.8.0_181.jdk/Contents/Home/jre

    That will give you the path to the Java install Domino is using. You can then add the cert to the cacerts file for that installation of java.

    Second, if that doesn't work, you can actually just specify what cacerts file you want to use. You can copy one of the cacerts files that you've already added the certs to into a location of your choice, then add an option to the domino client's Java VM to use that cacert file instead of the one in its java install. You can do so by adding the following to the domino.vmoptions file located in your Domino install directory (which domino):

    If neither of those options work, then it might be quickest for us to hop on a call so we can troubleshoot real time, if you'd like to do that, you can put in a Support ticket (or we're happy to do so for you) following these directions:

    And if you do, please mention in the ticket that we were talking in Community, so we can make sure the engineer that grabs your case knows to look here for context.


  • james.riseman
    james.riseman Member Posts: 1

    I'm having trouble with the Installer. When I try to run the downloaded .dmg file on my MacBook, I get the error that the launch path is not accessible. Any suggestions?

  • marc.heil
    marc.heil Domino Posts: 1

    There is an additional error that can occur during import:

    According to the importcert documentation for keytool, that -cacerts option is indeed required to access the cacerts keystore

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!