Environment
Novell GroupWise 7
Situation
In a company eDir tree there are several existing KMO objects
holding Novell or third party certificates and there is a need to
use them also for a secure C/S communication between PO and end
users.
Resolution
A convenient way to secure a C/S communication is to use so
called Gwcsrgenerator that is included in a GroupWise build under
Admin | Utility directory to generate a private *.key file and
signing request that can be sent to a third party company or use it
for generating a certificate file from C1.
However, there is quite often a situation when there is a need
to use the same certificate that is used a company wide for
securing web services, for instance, to use it also
with GroupWise agents or gateways.
In this situation, follow these steps:
- Start C1 and go for a desired KMO object that holds a company wide certificate you want to use. Here we use SSL CertificateIP KMO object as example.
- Check Properties of the KMO object and click on Certificates | Trusted Root certificate.
- Click on Export and do include the private key with a certificate.
- Specify a password and a file location. For NetWare based GroupWise systems keep in mind 8.3 name convention. GroupWise systems on Linux are not limited by a file name length.
- Copy exported *.pfx certificate file in a post office directory structure.
- Check properties of the POA object.
- In GroupWise | SSL Settings use browse bottoms and navigate to the *.pfx file in both sections, in the Certificate File and also in the SSL key file.
- If POA runs in a verbose logging mode, wait till admin message is processed saying that POA needs to be restarted. Or you can structurally rebuild the PO and start it afterwards.
This procedure is helpful in case of using third party
certificates. A procedure how to get third party certificates
implemented in your eDir tree is described for instance in the TID10051597How to install a certificate signed by a
third party for use by the NetWare Enterprise Web Server. Then
there is a custom KMO object and the procedure of this TID
describes how to get, for instance a C/S communication
secured.
The same PFX file, though, can be used for securing any MTA or
POA objects, or gateways. Use SSL Settings tab on each
corresponding agent / gateway objects.