Environment
Micro Focus GroupWise 18.3.x or later
Situation
After configuring all your GroupWise Agents with a wildcard certificate or other 3rd party trusted certificates, you should enable this for GroupWise Monitor as well.
Wildcard certificate bundle preparation
If you already have your PRIVATE KEY for your certificate, you can decrypt your private key using the following command:
openssl rsa -in private.key -out private-decrypted.key
If you no longer has access to your PRIVATE KEY, DigiCert allows you to re-issue your wildcard certificate with a new certificate request using the re-issue function in your DigiCert management portal without invalidating previously issued wildcard certificates. To generate a new CSR, use the following command:
openssl req -newkey rsa:2048 -keyout private.key -out new-wildcard.csr
Use the CSR to re-issue a wildcard certificate.
Download or obtain your organisation's certificate bundle (star-organisation.p7b) from your DigiCert portal.
Extract your certificate + chain from the certificate bundle:
openssl pkcs7 -inform PEM -outform PEM -in star-organisation.p7b -print_certs > wildcardcert.pem
Combine the private-decrypted.key and wildcardcert.pem into a single PEM file:
cat private-decrypted.key wildcardcert.pem > gwmonitor.pem
Upload gwmonitor.pem to the following directory on each GroupWise server where you have the GroupWise Monitor Agent installed:
/opt/novell/groupwise/certificates
Configure GroupWise Monitor to use the certificate
You can do one of the following:
Use the sysconfig editor in YaST to add the following to the Network | Mail | GroupWise category:
GROUPWISE_MA_OPTIONS="--httpcertfile /opt/novell/groupwise/certificates/gwmonitor.pem"
OR
Edit the /etc/sysconfig/grpwise-ma file and add the following line to the file:
GROUPWISE_MA_OPTIONS="--httpcertfile /opt/novell/groupwise/certificates/gwmonitor.pem"
If the value GROUPWISE_MA_OPTIONS already exists for either option, append the following line inside the quotations marks:
--httpcertfile /opt/novell/groupwise/certificates/gwmonitor.pem
Restart the GroupWise Monitor Agent.
Make sure to access the GroupWise Monitor Agent using the DNS FQDN of the host running the GroupWise Monitor Agent.
Comments
0 comments
Please sign in to leave a comment.