advisorevents.com secure groupwise with ssl author: tay kratzer & gregg a. hinchman company:...
Post on 19-Dec-2015
AdvisorEvents.com
Secure GroupWise with SSL
Author: Tay Kratzer & Gregg A. Hinchman
Company: Novell, Inc. & Hinchman Consulting
Session Number

Who Am I?

Tay Kratzer
- GroupWise Enthusiast for 10+ years
- Novell Employee – Primary Support Engineer
- Author/Co-Author: 5 GroupWise related books at www.caledonia.net
- Frequent writer for: GroupWise Advisor Magazine, and Novell Periodicals

Gregg A. Hinchman
- GroupWise Advocate and Consultant for 9+ years
- Self-Employed Consultant
- Former Novell Consultant
- Co-Author of “Success with GroupWise Document Management” at www.caledonia.net

Session Overview

- Introduction
  - What is SSL?
  - Assumptions and Prerequisites
- Securing GroupWise
  - Secure the MTA
  - Secure the POA
  - Secure the GWIA Gateway
  - Secure the WebAccess Gateway
- Summary
  - Review
  - Tips, Tricks and Questions

What is SSL?

- Encryption
  - Symmetric Key Encryption
    - One Key
  - Public Key Encryption (PKI)
    - Two Keys
- Certificate Authorities
- A Private Key
- The Certificate Signing Request
- A Certificate
- KMO
  - SSL CertificateDNS <Server Name>
  - SSL CertificateIP <Server Name>

Assumptions and Prerequisites

- eDirectory 8.6 or above
- GroupWise 6.5 or above
- NICI (Novell International Cryptography Infrastructure)
- PKI Snap-ins for ConsoleOne
- Create a Certificate with GWCSRGEN

Secure the MTA

- Add the Certificate to the MTA
- Enable SSL on the MTA
  - Do not forget to enable SSL for the HTTP Monitoring
- Test the Communication

Secure the POA

- Add the Certificate
- Enable SSL and HTTP Monitoring
- What is “SSL Required”?
- Test Communication

Secure the GWIA Gateway

- eSMTP and Transport Layer Security (TLS)
  - Supported by GroupWise 6.5
- Add the Certificate
- Enable SSL and HTTP Monitoring
- Test Communication
  - Telnet and EHLO
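
The Telnet-and-EHLO test above comes down to reading the server's multi-line EHLO reply and confirming that STARTTLS, the ESMTP keyword for TLS, is advertised. The following is an added example, not part of the presentation; the sample replies and the hostname in them are constructed.

```python
import re

# Constructed EHLO replies; the hostname is a placeholder, not from the slides.
REPLY_TLS = ("250-gwia.example.com Hello\r\n"
             "250-SIZE 10485760\r\n"
             "250-starttls\r\n"
             "250 8BITMIME\r\n")
REPLY_NO_TLS = ("250-gwia.example.com Hello\r\n"
                "250 8BITMIME\r\n")
REPLY_CUT = "250-gwia.example.com Hello\r\n250-STARTTLS\r\n"  # no final line

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Parse a multi-line SMTP reply into (code, greeting, extensions)."""
    code, greeting, extensions, complete = None, "", {}, False
    for line in reply.splitlines():
        match = _LINE.match(line)
        if match is None or complete:
            raise ValueError("malformed reply line: %r" % line)
        line_code, sep, text = match.groups()
        if code is None:
            code, greeting = line_code, text      # first line: domain + greeting
        elif line_code != code:
            raise ValueError("reply code changed mid-reply")
        else:
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params  # keywords are case-insensitive
        complete = (sep == " ")                   # "250 " marks the last line
    if not complete:
        raise ValueError("reply ended without a final line")
    return code, greeting, extensions


def starttls_offered(reply):
    """True only if the server answered 250 and lists STARTTLS."""
    code, _, extensions = parse_ehlo(reply)
    return code == "250" and "STARTTLS" in extensions


if __name__ == "__main__":
    for name, reply in (("tls", REPLY_TLS), ("no tls", REPLY_NO_TLS)):
        print(name, "->", starttls_offered(reply))
```

An advertised STARTTLS keyword shows only that the gateway offers TLS; it says nothing about which certificate the gateway presents once the session is upgraded.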

Secure the WebAccess Gateway - The Agent

- Add the Certificate
- Enable SSL and HTTP Monitoring
- Test Communication

Secure the WebAccess Gateway - The Application for Apache

- Add SSL to Apache
- Edit the *.CONF file
  - Adminserv.conf, GWApache.conf, HTTPD.conf
  - Sys:\Apache\conf

    LoadModule tls_module modules/mod_tls.nlm
    <IfModule mod_tls.c>
    SecureListen 192.68.1.10:443 "SSL CertificateDNS"
    </IfModule>

- Test – TCPCON and 443

Secure the WebAccess Gateway - The Application for Novonyx

- Add SSL to Novonyx
- Edit MAGNUS.CONF
  - SYS:NOVONYX\SUITESPOT\HTTPS-<File Server Name>\CONFIG
- Test

Secure the WebAccess Gateway - 3rd Party Cert and Wireless

- Create a new custom KMO in eDirectory
- Generate a CSR from the KMO object
- Submit the CSR to an external CA, such as Verisign
- Import the Certificate from Verisign into eDirectory
- Reference the custom KMO in the *.CONF file of the web server. Example: Apache syntax is:

    LoadModule tls_module modules/mod_tls.nlm
    <IfModule mod_tls.c>
    SecureListen 192.68.1.10:443 "VERISIGN-SSL"
    </IfModule>

Secure the Messenger

- Add the Certificate
- Enable SSL and HTTP Monitoring
- Test Communication

Summary

- Review
- Tips, Tricks and Questions

ADVISOR SUMMIT Web Update Page

AdvisorEvents.com/CNG0310p.nsf/w/cng0310ud

This session WILL / WILL NOT have updates.