mpatchett41 Absent Member.
Absent Member.
6831 views

SSL on WebAccess on OES...

I've read through a few documents on how to setup the SSL on WebAccess, but I'm not sure which process to follow for GW2012 on OES 11. The OES components are currently using their own self-signed certs, and I want to get a 'real' cert for WebAccess. I also don't want to go breaking the various working pieces of apache on OES by following an outdated document. Which document is the most appropriate to follow to get an SSL cert on WebAccess for GroupWise 2012? Or can someone give me just the right file names to modify and general / major steps.?
Labels (2)
0 Likes
7 Replies
jkress Super Contributor.
Super Contributor.

Re: SSL on WebAccess on OES...

I will chime in on this also.

I have two SLES11 servers dedicated to GW2012 WebAccess only. Both work fime
without SSL. Installed a valid site certificate (Apache.crt) from GoDaddy
and followed previous procedures that I have used for SLES10/SLES11 Apache2
SSL setup.On access via port 443 with FF receive "SSL Received a record that
exceeded the maximum permissable length". From what I can tell this error
indicates that there is broken site redirection.

None the less, is there something "different" in the GW2012 webaccess setup
that is required for SSL access.

Thanks,
JoeK
"mpatchett4" <mpatchett4@no-mx.forums.novell.com> wrote in message
news:mpatchett4.5hns7c@no-mx.forums.novell.com...
>
> I've read through a few documents on how to setup the SSL on WebAccess,
> but I'm not sure which process to follow for GW2012 on OES 11. The OES
> components are currently using their own self-signed certs, and I want
> to get a 'real' cert for WebAccess. I also don't want to go breaking
> the various working pieces of apache on OES by following an outdated
> document. Which document is the most appropriate to follow to get an
> SSL cert on WebAccess for GroupWise 2012? Or can someone give me just
> the right file names to modify and general / major steps.?
>
>
> --
> mpatchett4
> ------------------------------------------------------------------------
> mpatchett4's Profile: http://forums.novell.com/member.php?userid=120851
> View this thread: http://forums.novell.com/showthread.php?t=459168
>



0 Likes
Highlighted
mpatchett41 Absent Member.
Absent Member.

Re: SSL on WebAccess on OES...

I finally gave up and used this document (as I was running out of time to get this done)

Support | How to configure Apache on OES or SLES to use a 3rd party certificate

This worked with one exception: I had to modify the vhosts-ssl.conf file and uncomment then modify the "ServerName" line with the name that matches the certificate common name. Now I have to work on redirecting the webaccess page to force a secure connection as it continues to default to a non-secure connection.
0 Likes
mpatchett41 Absent Member.
Absent Member.

Re: SSL on WebAccess on OES...

Other information that was useful that I believe should be in the GroupWise webaccess documentation:

Changing the normal OES homepage to auto-redirect to webaccess URL so someone can just go to email.domain.org and it automatically refreshes to /gw/webacc: Support | How to auto redirect Apache default page to WebAccess login page

Forcing the /gw/webacc rewrite to SSL. This code needs to be added to the /etc/opt/novell/groupwise/webaccess/gw.conf file (at the bottom of the file):

<IfModule !mod_rewrite.c>
LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
Rewritecond %{SERVER_PORT} ^80$
RewriteRule ^/gw/(.*) https://%{HTTP_HOST}/gw/$1 [NC,R,L]
</IfModule>



After all of those changes, I restarted apache (e.g. service apache2 restart ) and all was magic. I do believe Novell should add these steps into the product documentation as the first thing most admins want to do after enabling webaccess is to secure it via SSL so that usernames and eDirectory passwords aren't flying around the internet in clear text.
0 Likes
dzanre1 Absent Member.
Absent Member.

Re: SSL on WebAccess on OES...

"Joe Kress" wrote:

> None the less, is there something "different" in the GW2012 webaccess setup
> that is required for SSL access.


No - GroupWise doesn't care. It's Apache that must be configured for SSL for
the WebServer. Now, you might want to put SSL on your POA for SOAP, but that's
an entirely different story.

--
Danita
Novell Knowledge Partner
http://www.gethealthywithdanita.com
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: SSL on WebAccess on OES...

Thanks for the information 🙂

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
nlandas Absent Member.
Absent Member.

Re: SSL on WebAccess on OES...

mpatchett4;2214454 wrote:
I finally gave up and used this document (as I was running out of time to get this done)

Support | How to configure Apache on OES or SLES to use a 3rd party certificate

This worked with one exception: I had to modify the vhosts-ssl.conf file and uncomment then modify the "ServerName" line with the name that matches the certificate common name. Now I have to work on redirecting the webaccess page to force a secure connection as it continues to default to a non-secure connection.


Why isn't this in the GroupWise documentation? Along with the redirection of the default OES web site to the WebAccess page?

This has to be a common configuration for GroupWise. I realize this is apache configuration but

-Nyle
0 Likes
Knowledge Partner
Knowledge Partner

Re: SSL on WebAccess on OES...

In article <nlandas.71kp0n@no-mx.forums.microfocus.com>, Nlandas wrote:
> Why isn't this in the GroupWise documentation? Along with the
> redirection of the default OES web site to the WebAccess page?
>
> This has to be a common configuration for GroupWise. I realize this is
> apache configuration but


That is a common beef and I agree that some reference to at least the
basics for this is needed in the docs. We can now both ask for and vote
on issues at https://ideas.microfocus.com/MFI/novell-gw
And I have created one for this particular one.
https://ideas.microfocus.com/MFI/novell-gw/Idea/Detail/962


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.