How to setup GroupWise Messenger for use with SSL

  • 3807968
  • 17-Jan-2007
  • 18-Jun-2012

Environment

Novell GroupWise Messenger 1.0.3

Situation

Error: "SSL Initialization Failure"
How to setup GroupWise Messenger for use with SSL

Resolution

Setup and Check the following steps: This link provides information with screen shots on how to create the certificates; Securing GroupWise 6.5 End to End with SSL

1. Use the gwcsrgen.exe to create the .key and .csr files. This utility can be found in the software distribution directory:\ADMIN\UTILITY\GWCSRGEN. The file names should include the .key extension and password, and the .csr file should include the extention as well. When all information has been filled, upon being saved they resulting file is put in the same directory the utility is run from.

2. Locate a copy of ConsoleOne that has the PKI Snap-ins installed. Most systems have copy in SYS:\PUBLIC\MGMT\CONSOLEONE\1.2\BIN. This can be run from the server, and will only be used for issuing a certificate.

3. Using ConsoleOne with the PKI Snap-ins, click anywhere on the tree, go to Tools, Issue Certificate.

4. On the resulting dialog, click the browse icon, and select the .csr file you created in step one. Click Next, and Next again.

5. For the Type, select Custom, for Key Usage, select all three options, do not click "Set the key usage extension to critical". Then click Finish.

6. IMPORTANT - save the file with .b64 extension. This should be a base64 file type.

7. Place the .b64 and .key file in the default directory.

8. Open a version of ConsoleOne that has GroupWise Messenger Snapins if the version you used earlier does not have them. This is usually the version you use to administer GroupWise Messenger.

9. Go to the properties of the MessagingAgent, in the Agent tab select Security.

10. Input the directory where you placed the .b64 and .key files. (Messenger must be able to access these files if they are located elsewhere).

For the SSL Certificate input the path to the .b64 file. You must include the .b64 file in the path (ex. \\SERVER\SYS\NOVELL\NM\CERTS\GWMCERT.B64)

For the Key File input the path to the .key file. You must include the .key file in the path (ex. \\SERVER\SYS\NOVELL\NM\CERTS\GWMCERT.KEY).

Check Enable SSL for Client/Server.

11. Click Apply, then Close.

12. Restart the Agent.

Additional Information

Cert and key files can not have long file names and must be restricted to 8.3 naming. If not then the messaging agent can't find the files and you get an SSL error.
For SSL on the Archive Agent as well, you may use the same certificate and key files. Setup is the same, just go to the properties of the archive agent, enter the same information and restart the agent.

Formerly known as TID# 10097612

Feedback service temporarily unavailable. For content questions or problems, please contact Support.