Securing your GroupWise Post Office with SSL
By default, the connection to your GroupWise Post Office (POA) isn't secure. With the 'normal' GroupWise protocol, which connects on TCP 1677, this isn't a really big problem because this protocol is normally only used on your internal LAN. But what if you want to sync your mobile device using, for example, IMAP or POP? These protocols aren't secure by default. This can be a problem when you connect over the internet.
So how can we secure our POA using SSL? We have two options: we can use a so-called self-signed certificate, or we can use a certificate signed by an external Certificate Authority.
In this example we're going to use a self-signed certificate. The disadvantage of this is that you have to accept the certificate every time it is used. Most systems have an option to import the certificate once, so you don't get that question any more.
- Go into YaST | Security and Users | CA Management
- Select the default CA you created during installation and click on Enter CA
- You are asked for the CA password. This is the root password used during installation.
- Click on the certificates tab and select the server certificate for this server
- Click on Export | Export to file
- Select Certificate and the Key Encrypted in PEM Format
- Provide the password and the path where you want to save the .pem file and click on Ok.
- Close YaST and go to the directory where you saved the .pem file
- Open the file with a text editor like gedit
- Select the part that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----
- Open a new text file and paste the content you selected in the previous step.
- Save the file as a .crt file
- Go back to the .pem file and select the part that starts with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----
- Save this part in a .key file
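The copy-and-paste steps above can also be done from a shell, which avoids clipboard mistakes and creates the key file readable only by its owner. This is an added example, not part of the original post: the `split_pem` function and the file names are hypothetical, and it assumes the export uses the traditional OpenSSL PEM layout with the markers shown above.

```shell
#!/bin/sh
# split_pem: split a combined PEM export (certificate + encrypted RSA key)
# into a .crt and a .key file. Function and file names are hypothetical.
# Usage: split_pem <export.pem> <out.crt> <out.key>
# Returns 0 on success, 1 if the input is unreadable,
# 2 if no certificate block was found, 3 if no RSA key block was found.
split_pem() {
    pem=$1 crt=$2 key=$3

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # Create the key file with owner-only permissions (0600).
    old_umask=$(umask)
    umask 077
    # Print only the lines between the BEGIN/END markers, markers included.
    sed -n '/^-----BEGIN RSA PRIVATE KEY-----/,/^-----END RSA PRIVATE KEY-----/p' \
        "$pem" > "$key"
    umask "$old_umask"

    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' \
        "$pem" > "$crt"

    # Fail if either block is missing or was cut off before its END marker.
    grep -q '^-----END CERTIFICATE-----' "$crt" ||
        { echo "no certificate block in $pem" >&2; return 2; }
    grep -q '^-----END RSA PRIVATE KEY-----' "$key" ||
        { echo "no RSA private key block in $pem" >&2; return 3; }

    # Assumption: an encrypted traditional-format key carries this header.
    # The export above was chosen as "Key Encrypted", so warn if it is absent.
    grep -q '^Proc-Type: 4,ENCRYPTED' "$key" ||
        echo "warning: private key in $key is not encrypted" >&2
    return 0
}
```

The permissions only apply when the key file does not exist yet; an existing file keeps its old mode.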
OK, so now we have a self-signed certificate file. The next step is to use this file in our GroupWise Post Office.
- In ConsoleOne open the POA object
- On the GroupWise tab go to SSL Settings
- Here you have to provide the .crt and .key files
- Click on Set Password to provide the password you used for the export
- Click on Ok and make sure your POA restarts
After this your POA can use SSL. Now we have to enable for example IMAP to use SSL.
- In ConsoleOne open the POA object
- On the GroupWise tab go to Network Address and, in the SSL column next to IMAP, select Required. This makes sure you can only use IMAP with SSL.
- Go to Agent Settings and enable IMAP.
- Restart your POA
Now we can use IMAP with SSL.
About Michael
Michael Wilmsen is an experienced VMware Architect with more than 20 years in the IT industry. His main focus is VMware vSphere, Horizon View and Hyper Converged, with a deep interest in performance and architecture.
Michael is VCDX 210 certified, has been awarded the vExpert title since 2011, and is a Nutanix Tech Champion and a Nutanix Platform Professional.