AdvisorEvents.com

Secure GroupWise with SSL

Author: Tay Kratzer & Gregg A. Hinchman
Company: Novell, Inc. & Hinchman Consulting

Session Number

Post on 19-Dec-2015


Who Am I?

Tay Kratzer
  GroupWise Enthusiast for 10+ years
  Novell Employee – Primary Support Engineer
  Author/Co-Author: 5 GroupWise related books at www.caledonia.net
  Frequent writer for: GroupWise Advisor Magazine, and Novell Periodicals

Gregg A. Hinchman
  GroupWise Advocate and Consultant for 9+ years
  Self-Employed Consultant
  Former Novell Consultant
  Co-Author of “Success with GroupWise Document Management” at www.caledonia.net

Session Overview

Introduction
  What is SSL?
  Assumptions and Prerequisites
Securing GroupWise
  Secure the MTA
  Secure the POA
  Secure the GWIA Gateway
  Secure the WebAccess Gateway
Summary
  Review
  Tips, Tricks and Questions

What is SSL?

Encryption
  Symmetric Key Encryption
    One Key
  Public Key Encryption (PKI)
    Two Keys
Certificate Authorities
  A Private Key
  The Certificate Signing Request
  A Certificate
KMO
  SSL CertificateDNS <Server Name>
  SSL CertificateIP <Server Name>

Assumptions and Prerequisites

eDirectory 8.6 or above
GroupWise 6.5 or above
NICI (Novell International Cryptography Infrastructure)
PKI Snap-ins for ConsoleOne
Create a Certificate with GWCSRGEN

Secure the MTA

Add the Certificate to the MTA
Enable SSL on the MTA
  Do not forget to enable SSL for the HTTP Monitoring
Test the Communication

Secure the POA

Add the Certificate
Enable SSL and HTTP Monitoring
What is “SSL Required”?
Test Communication

Demonstration Time

Secure the GWIA Gateway

eSMTP and Transport Layer Security (TLS)
  Supported by GroupWise 6.5
Add the Certificate
Enable SSL and HTTP Monitoring
Test Communication
  Telnet and EHLO
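
The "Telnet and EHLO" test above comes down to reading the server's EHLO reply and confirming that STARTTLS is listed. The following is an added example, not part of the original session material: it parses such a reply and, with probe(), performs the same check plus the TLS upgrade against a live gateway. The host name and the sample replies are constructed placeholders.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real GWIA); the host is a placeholder.
SAMPLE_WITH_TLS = (
    "250-gwia.example.com Hello\r\n"
    "250-SIZE 20971520\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_WITHOUT_TLS = "250-gwia.example.com Hello\r\n250-SIZE 20971520\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Parse a raw multi-line EHLO reply into {KEYWORD: parameters}."""
    extensions = {}
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index > 0:  # the first line is the greeting, not an extension
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params
        if sep != "-":  # "250-" continues the reply, "250 " ends it
            break
    return extensions


def starttls_offered(reply):
    """True when the reply lists the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo(reply)


def probe(host, port=25, cafile=None, timeout=10.0):
    """Live check: EHLO, require STARTTLS, upgrade, return the TLS version."""
    # cafile: PEM file of the CA that signed the gateway certificate, needed
    # when that CA is not in the system trust store.
    context = ssl.create_default_context(cafile=cafile)
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("server does not advertise STARTTLS")
        smtp.starttls(context=context)  # raises if certificate verification fails
        smtp.ehlo()  # extensions must be re-read after the upgrade
        return smtp.sock.version()


if __name__ == "__main__":
    print("STARTTLS offered:", starttls_offered(SAMPLE_WITH_TLS))
```
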

Secure the WebAccess Gateway - The Agent

Add the Certificate
Enable SSL and HTTP Monitoring
Test Communication

Secure the WebAccess Gateway - The Application for Apache

Add SSL to Apache
Edit the *.CONF file
  Adminserv.conf, GWApache.conf, HTTPD.conf
  Sys:\Apache\conf

    LoadModule tls_module modules/mod_tls.nlm
    <IfModule mod_tls.c>
    SecureListen 192.68.1.10:443 "SSL CertificateDNS"
    </IfModule>

Test – TCPCON and 443

Secure the WebAccess Gateway - The Application for Novonyx

Add SSL to Novonyx
Edit MAGNUS.CONF
  SYS:NOVONYX\SUITESPOT\HTTPS-<File Server Name>\CONFIG
Test

Secure the WebAccess Gateway - 3rd Party Cert and Wireless

Create a new custom KMO in eDirectory
Generate a CSR from the KMO object
Submit the CSR to an external CA, such as Verisign
Import the Certificate from Verisign into eDirectory
Reference the custom KMO in the *.CONF file of the web server, Example: Apache syntax is:

    LoadModule tls_module modules/mod_tls.nlm
    <IfModule mod_tls.c>
    SecureListen 192.68.1.10:443 "VERISIGN-SSL"
    </IfModule>

Secure the Messenger

Add the Certificate
Enable SSL and HTTP Monitoring
Test Communication

Demonstration Time

Summary

Review
Tips, Tricks and Questions

ADVISOR SUMMIT Web Update Page

AdvisorEvents.com/CNG0310p.nsf/w/cng0310ud

This session WILL / WILL NOT have updates.

Thank You!

Please remember to fill out your evaluation.