Unable to Login to Retain Using Plugin for GroupWise Webaccess

  • 7019365
  • 25-Feb-2014
  • 07-Aug-2017

Environment


Retain (all versions)
GroupWise Webaccess

Situation


After installing and configuring the Retain plugin for GroupWise Webaccess, the user logs into Webaccess and clicks on the "Retain" tab that now displays.  It is supposed to open up the RetainServer web interface and automatically log the user into the Retain mailbox; instead, it just brings up a blank page or it brings up the RetainServer login page.

Resolution


In most cases when you see such symptoms, GroupWise Webaccess is being accessed by the user over HTTPS but the RetainServer URL referenced on the GroupWise WebAccess server in retain.cfg ([path to the WebAccess directory]/retain/retain.cfg) is an HTTP URL.   However, in such cases, the RetainServer's web server (Apache or IIS) needs to be configured for SSL and the hostname in the SSL certificate installed on the web server must match the hostname specified in the RetainServer URL listed in the aforementioned retain.cfg.

If that certificate is a signed certificate from a valid Certificate of Authority (i.e., GoDaddy), the user will be taken to the RetainServer web page and automatically logged into his/her mailbox upon clicking on the Retain plugin tab; however, if it is a self-signed certificate, that certificate will need to be installed on every computer accessing the RetainServer through the WebAccess plugin; otherwise, it will bring up the RetainServer page but the user will be prompted to log in.

Why?  Because certificates from certificates of authority are always trusted; whereas a self-signed certificate is unknown/untrusted by default.  The only way to get self-signed certificates to work is to copy the certificate to each Windows workstation.



Summary of Retain WebAccess Plugin Setup Concepts When SSL Is Used

1.  Set up SSL for the Retain server's web server (Apache or IIS).  Install a certificate from a recongized Certificate of Authority (i.e., GoDaddy, etc).  The hostname on the certificate must match the RetainServer's hostname in DNS.

2.  In the retain.cfg on the GroupWise WebAccess server, reference the URL using https and the hostname mentioned in step #1.

3.  Restart Tomcat on the WebAccess server.



Retain 4:

If the GroupWise WebAccess plugin with Retain 4 is configured to connect to Retain with https:// and the GroupWise Webaccess is showing an SSL error (e.g. SSLHandshakeException) when clicking on the Retain tab, please make sure to install the Retain GroupWise Webaccess Plugin of Retain 4.0.1 or newer.


Download Retain 4.0.1 GroupWise Webaccess Plugin

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 2264.