Sslwebaccess

From CoolSolutionsWiki

Search

Views

-My Other wikis

Installing and configuring GroupWise 7 WebAccess on SLES 10/OES2 and ensure SSL is used

1 docs
2 Gotchas
3 my process
4 Testing
5 configuring auto redirection from http to https
6 Troubleshooting

[edit]

docs

[edit]

Gotchas

If OES 2 one must use 9009 instead of 8009
If OES 2 one must use /var/opt/novell/tomcat5/webapps directory DURING INSTALL instead of tomcat4
For SLES 10/OES2 One must modify the /etc/opt/novell/httpd/conf.d/gw.conf file and add a few items per TID 3248145
1. Keep in mind, this TID is WRONG and you must follow this coolsolution

[edit]

my process

on OES 2 this is what I found:

/etc/opt/novell/httpd/conf.d/gw.conf instead of /etc/apache2/conf.d/gw.conf in TID installing GW webacc on sles 10
SSL TID differences
1. Open a new Shell-Konsole
2. Type "sux -"
3. Enter root's password
4. mkdir /etc/opt/novell/httpd/conf.d/ssl.crt
5. Type "cd /etc/opt/novell/httpd/conf.d/ssl.crt" without the quotes and press Enter
6. Type "openssl genrsa -out privkey.pem" without the quotes and press Enter
7. Type "openssl req -new -key privkey.pem -out cert.csr" without the quotes and press Enter
8. Fill in the Country Name. State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name, E-mail Address, Challenge Password and an Optional Company Name. (All of the fields can be left blank. Give importance while entering Common Name. For eg. If domain name is www.novell.com, Enter www.novell.com in Common Name)
9. Switch to ConsoleOne
10. Click Tools | Issue Certificate
11. Browse to "/etc/opt/novell/httpd/conf.d/ssl.crt/cert.csr" and click Next
12. Select "Organizational certificate authority" and click Next
13. Select "SSL or TLS" and click Next
14. Click Next or change the Validity period and click Next. The default is 1 year
15. Click Finish
16. Select "File in Base64 format" and provide the path "/etc/opt/novell/httpd/conf.d/ssl.crt/Cert.b64"
17. Click Save
18. Switch back to a Shell-Konsole
19. Type "cd /etc/opt/novell/httpd/gconf.d" without quotes and press Enter
20. Type "vi sslvhost.conf" without the quotes and press Enter
21. Comment out "SSLCertificateFile /etc/opt/novell/httpd/conf.d/ssl.crt/server.pem" line by inserting a # symbol at the beginning of the line
22. Below the above line type "SSLCertificateKeyFile /etc/opt/novell/httpd/conf.d/ssl.crt/privkey.pem" without the quotes (This path should point to the Key file which may have any other extension than pem)
23. Below the above line type "SSLCertificateFile /etc/opt/novell/httpd/conf.d/ssl.crt/Cert.b64" without the quotes (This path should point to the Certificate file which may have any other extension than b64)
24. Save the file
25. Type "cd /etc/rc.d/" without quotes and press Enter
26. Type "vi novell-httpd" without quotes and press Enter
27. Search for the line that begins with KEYFILE and change it to
28. KEYFILE=/etc/opt/novell/httpd/conf.d/ssl.crt/privkey.pem (This path should point to the Key file which may have any other extension than pem)
29. Save the file
30. Restart the WebServer by typing "/etc/rc.d/novell-httpd restart" without the quotes
31. Access GroupWise WebAccess using SSL and view Certificate. If the "Issued to: " field contains the Common Name entered in step 7, then the Certificate is working fine.
Use consoleone to modify the webacc7 object and configure the SSL certs there. I pointed to my /etc/opt/novell/httpd/conf.d/ssl.crtCert.b64 and privkey.pem

[edit]

Testing

https://oes2/gw/webacc

or
http://oes2/gw/webacc

[edit]

configuring auto redirection from http to https

cd /var/opt/novell/gw
cp index.html index.html.bak
gedit index.html or vi index.html
snip everything from <style media="screen" type="text/css"> TO </style> so it looks like this
1. <title>Novell Web Services</title>
2. <script>location="https://oes2/gw/webacc"</script>
3. </head>
This will auto re-direct users that go to http to https. NOTE: Put your DNS name or IP address instead of oes2
Use yast to change the webserver's default webpage