HTTPS configuration on WebAcess broken after upgrading to GW18

  • 7022473
  • 19-Dec-2017
  • 24-Dec-2018


GroupWise 18


There was existing HTTPS configuration on Apache / IIS which made a secure link to WebAccess. After upgrade to GW18, the SSL configuration does not work anymore.  


With GroupWise 18 we introduced new tomcat-apache combo which takes precedence over existing web server/tomcat setup. In order to redefine a secure connection to WebAccess you would need to do extra configuration steps and edit the server.xml file. This file is located on Linux platform in /etc/grpwise-tomcat and on Windows it is in C:\Novell\GroupWise\Tomcat\conf directory.
Here is what you can try to adjust default settings:

1. By default, we enabled tomcat approach which uses the ".keystore", a certificate store file. If you want to change it to use your corporate certificate which was used by IIS, for instance , disable keystore section in the server.xml.
Just right bellow keystore secure section you find "apache/web" way to secure the communication, using the server key and certificate. Enable this section and copy your server certificate files in the conf directory and edit the certificateKeyFile, certificateFile and eventuially certificateChainFile statements to reflect your certificate file names you just copied. After that save change sin the file and restart the service. You shall see in HTTPS section in a browser your new certifiactes being used in HTTPS connection.

2. You can also still use original tomcat approach and import your corporate certificates in the .keystore file. However, first you will need to drop existing "tomcat" alias used with a self-signed certificate. Then import the tomcat alias again but now with your corporate certificate. Or you can also go for creating new .keystore file. You can have a look at this process in other TID 7001857 for Vibe/Teaming as the procedure is the same.

3. If nothing works for you, you will need to use, for instance a keytool utility to create new CSR and submit it to the CA vendor and asking for tomcat certifiactes. Or get newer web server certificates from them - generate CSR using openssl tool first and submit it to the CA vendor.