Securing your Groupwise Post Office with SSL

By default your connection with your Groupwise Post Office (POA) isn’t secure. With the ‘normal’ Groupwise protocol who connects at TCP 1677 this isn’t a really big problem because normally this protocol is only used on your internal LAN. But what if you want to sync your mobile device with for example IMAP or POP. These protocols aren’t by default secure. This can be a problem when you connect over the internet.

So how can we secure our POA using SSL? For this we have 2 options. We can use a so called self-signed certificate or we can use a certificate signed why a external Certificate Authority.

In this example we’re going to use a self-singed certificate. The disadvantage of this is that you have to except the certificate every time the certificate is used. Most system have a option to import the certificate ones, so you don’t get that question any more.

  1. Go into Yast | Security and Uses | CA Management
  2. Select the default CA you create during installation and click on Enter CA
  3. You are asked for the CA password. This is the root password used during installation.
  4. Click on the certificates tab and select the server certificate for this server
  5. Click on Export | Export to file
  6. Select Certificate and the Key Encrypted in PEM Format
  7. Provide the password and path where you want to save the .pem file and click on Ok.
  8. Close Yast and go to the directory where you save the .pem file
  9. Open the file with a text editor like gedit
  10. Select the part that starts with —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–
  11. Open a new text file and copy the content you selected in step 10.
  12. Save the file as a .crt file
  13. Go back to the .pem file and select the part that starts with —–BEGIN RSA PRIVATE KEY—– and ends with —–END RSA PRIVATE KEY—–
  14. Save this part in a .key file

Ok so now we have a self-singed certificate file. The next step is to use this file in our Groupwise Postoffice.

  1. In ConsoleOne open the POA object
  2. In the Groupwise tab goto SSL setting
  3. Here you have to provide the .crt and .key file
  4. Click on Set Password to provide the password you use for the export
  5. Click on Ok and make sure your POA restarts

After this your POA can use SSL. Now we have to enable for example IMAP to use SSL.

  1. In ConsoleOne open the POA object
  2. On the Groupwise tab goto Network Address and select under SSL behind IMAP required. This make sure you only can use IMAP with SSL.
  3. Goto to Agent Setting and enable IMAP.
  4. Restart your POA

Now we can use IMAP with SSL.

About Michael
Michael Wilmsen is a VMware training/consultant (no specific order) with more than 15 years in the IT industry. Main focus is VMware vSphere, Horizon View and Site Recovery Manager with a deepdive to performance. Michael is VCDX 210, VCAP 4/5 certified, has been rewarded with the vExpert title from 2011, is a PernixPro, Nutanix Tech Champion and a Nutanix Platform Professional.

4 Comments to “Securing your Groupwise Post Office with SSL”

  1. By steve, March 13, 2011 @ 13:39

    should the path to the certifickate be /media/nss/POSTOFFICE/po/cert

    • By Mike, March 13, 2011 @ 13:43

      This depends. You configure the path on the postoffice object. But it’s most likely to store the certificates in the postoffice directory.

  2. By steve, March 13, 2011 @ 13:39

    should the path to the certifickate be /media/nss/POSTOFFICE/po/cert

    • By Mike, March 13, 2011 @ 13:43

      This depends. You configure the path on the postoffice object. But it’s most likely to store the certificates in the postoffice directory.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

You must be logged in to post a comment.