How to setup GroupWise Messenger for use with SSL

1. Use the gwcsrgen.exe to create the .key and .csr files. This utility can be found in the software distribution directory:\ADMIN\UTILITY\GWCSRGEN. The file names should include the .key extension and password, and the .csr file should include the extention as well. When all information has been filled, upon being saved they resulting file is put in the same directory the utility is run from.

2. Locate a copy of ConsoleOne that has the PKI Snap-ins installed. Most systems have copy in SYS:\PUBLIC\MGMT\CONSOLEONE\1.2\BIN. This can be run from the server, and will only be used for issuing a certificate.

3. Using ConsoleOne with the PKI Snap-ins, click anywhere on the tree, go to Tools, Issue Certificate.

4. On the resulting dialog, click the browse icon, and select the .csr file you created in step one. Click Next, and Next again.

5. For the Type, select Custom, for Key Usage, select all three options, do not click "Set the key usage extension to critical". Then click Finish.

6. IMPORTANT - save the file with .b64 extension. This should be a base64 file type.

7. Place the .b64 and .key file in the default directory.

8. Open a version of ConsoleOne that has GroupWise Messenger Snapins if the version you used earlier does not have them. This is usually the version you use to administer GroupWise Messenger.

9. Go to the properties of the MessagingAgent, in the Agent tab select Security.

10. Input the directory where you placed the .b64 and .key files. (Messenger must be able to access these files if they are located elsewhere).

For the SSL Certificate input the path to the .b64 file. You must include the .b64 file in the path (ex. \\SERVER\SYS\NOVELL\NM\CERTS\GWMCERT.B64)

For the Key File input the path to the .key file. You must include the .key file in the path (ex. \\SERVER\SYS\NOVELL\NM\CERTS\GWMCERT.KEY).

Check Enable SSL for Client/Server.

11. Click Apply, then Close.

12. Restart the Agent.