How to use existing eDir KMO objects to secure C/S communication.

  • 3153154
  • 03-Sep-2007
  • 26-Apr-2012

Environment

Novell GroupWise 7

Situation

A company eDir tree contains several existing KMO objects that hold Novell or third-party certificates, and these certificates also need to be used to secure C/S communication between the PO and end users.

Resolution

A convenient way to secure C/S communication is to use the Gwcsrgenerator utility, which is included in the GroupWise build under the Admin | Utility directory. It generates a private *.key file and a signing request that can be sent to a third-party company or used to generate a certificate file from C1.
However, it is often necessary to take the certificate that is already used company-wide, for instance to secure web services, and use it with GroupWise agents or gateways as well.
In this situation, follow these steps:
  1. Start C1 and go to the KMO object that holds the company-wide certificate you want to use. Here we use the SSL CertificateIP KMO object as an example.
  2. Open the Properties of the KMO object and click Certificates | Trusted Root certificate.
  3. Click Export and include the private key with the certificate.
  4. Specify a password and a file location. For NetWare-based GroupWise systems, keep the 8.3 naming convention in mind. GroupWise systems on Linux are not limited by file name length.
  5. Copy the exported *.pfx certificate file into the post office directory structure.
  6. Open the properties of the POA object.
  7. In GroupWise | SSL Settings, use the browse buttons and navigate to the *.pfx file in both sections: Certificate File and SSL Key File.
  8. If the POA runs in verbose logging mode, wait until the admin message saying that the POA needs to be restarted has been processed. Alternatively, you can structurally rebuild the PO and start it afterwards.
This procedure is helpful when third-party certificates are used. A procedure for implementing third-party certificates in your eDir tree is described, for instance, in TID 10051597, "How to install a certificate signed by a third party for use by the NetWare Enterprise Web Server". That procedure results in a custom KMO object, and this TID describes how to use it to secure, for instance, C/S communication.
The same PFX file can also be used to secure any MTA or POA objects, or gateways. Use the SSL Settings tab on each corresponding agent or gateway object.
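
A pre-deployment check for the file exported in steps 3 to 5, as an added example that is not part of the original TID. It assumes the openssl command-line tool is installed on the machine that holds the file; the function names and the PFX_PASS environment variable are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: checks on a PFX exported from a KMO before a GroupWise agent uses it.
# The PFX password is read from the PFX_PASS environment variable (an assumption of
# this example) so that it does not appear on the command line.

# 0 if the file's base name fits the 8.3 convention needed on NetWare (step 4).
is_83_name() {
    basename "$1" | grep -Eq '^[^. ]{1,8}(\.[^. ]{1,3})?$'
}

# 0 if the PFX holds a certificate and a private key that belong together (step 3).
pfx_has_matching_key() {
    cert_pub=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate is still valid $2 seconds from now.
pfx_cert_valid_for() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkend "$2" >/dev/null 2>&1
}

# 0 if group and others have no access; the file contains the private key.
is_private_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks and print one line per finding; returns the number of failures.
check_pfx() {
    fails=0
    pfx_has_matching_key "$1" || { echo "FAIL: no private key matching the certificate"; fails=$((fails + 1)); }
    pfx_cert_valid_for "$1" 2592000 || { echo "FAIL: certificate expires within 30 days"; fails=$((fails + 1)); }
    is_private_file "$1" || { echo "FAIL: file is accessible to group or others"; fails=$((fails + 1)); }
    is_83_name "$1" || echo "NOTE: name is not 8.3, a problem only on NetWare"
    return "$fails"
}

# Usage: PFX_PASS=... sh check_pfx.sh /path/to/exported.pfx
if [ $# -ge 1 ]; then
    check_pfx "$1"
fi
```

On OpenSSL 3.x, a PFX protected with older algorithms may only open when `-legacy` is added to the `openssl pkcs12` calls.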