Use of intermediate/chained certificates with GroupWise Agents

  • 7005111
  • 07-Jan-2010
  • 27-Apr-2012

Environment

Products:
Novell GroupWise 8

Configuration:
Chained or intermediate certificates being used

Situation

Use of intermediate certificates with GroupWise Agents
Chaining Certificates in GroupWise Agents - MTA, POA and GWIA does not work
Setting up SSL on GWIA using chained certificates for IMAP, POP3, HTTP or SMTP does not work
Setting up SSL on GroupWise Agents using chained certificated does not work
ERROR: "STARTTLS: Certificate Verification Failed: The Certificate presented is not signed by a CA we trust" while trying to establish SSL on SMTP on GWIA

Resolution

  1. Please combine the Server Certificate and the Intermediate Certificate into one file simlar to the following and give it a .pem extension
    -----BEGIN CERTIFICATE-----
    several_lines_of_server_certificate_text
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    several_lines_of_intermediate_certificate_text
    -----END CERTIFICATE-----
  2. Copy the *.pem file on the server where the agent is running.
  3. Copy the *.key file on the server where the agent is running.
  4. Launch ConsoleOne and right click on the POA or GWIA or WebAccess Object depending upon where the certificate needs to be used.
  5. Click GroupWise | SSL Settings.
  6. Browse to the *.pem file in the "Certificate file" field.
  7. Browse to the *.key file in the "SSL key file" field.
  8. Click Set Password to set the password for the Private Key.
  9. Click Apply.
  10. Click GroupWise | Network Address.
  11. Set the SSL to Enabled or Required for the ports as the case may be and click Apply and Close.