Using SSL with WebAccess
Novell Cool Solutions: Trench
Digg This -
Posted: 6 Nov 2001
Current version: GroupWise 6
We recently posted this OPEN CALL Q&A, and have received some excellent input in response to it. Here's what we've got so far. If you have anything to add, we'd love to hear from you.
Has anyone had any success using SSL with WebAccess? Due to heightened security requirements we are looking at this as a possibility. If anyone has any feedback on using SSL with WebAccess, good or bad, it would be appreciated.
Well, with NetWare 5.1 it's easy, as the default web server is installed with an SSL virtual server. Assuming WebAccess is running on the default web server, you just change your URL to https:// instead of http://
I guess I didn't know it may be a problem using SSL with WebAccess, but we've had it on our WebAccess server (which is NT, by the way), for six months or so with no reported problems, performance or otherwise. The NT box with WebAccess has been rock solid.
We have been using SSL for years with IIS. We have used the brute force method of requring SSL for all directories, to ensure that passwords are never clear (make sure that SSL is FORCED at all points by typing in various deep links with http:// only).
By far our largest pain in the neck has been the annual renewal of the SSL certificates. We don't like the cost, nor do we like the trouble. But, such is life.
I found it very easy, but make sure that it is [at least] NetWare 5.1. I edited the go button on the webaccess index.html page to point to https:// so the users did not have to type in https and all users were then forced to use https.
We've been using it in this way for about the past six months (on 5.5EP) - we didn't use Web Access before without SSL. No problems to report other than a fairly sluggish response on a slow dial-up connection - but we expected that anyway due to the additional SSL overhead.
Can't think of anything else to say on the matter although you'll need to get certificates etc - which unfortunately do cost.
I don't like to leave the default or any other web server running on port 80 if it can be helped, however .. my main problem with WebAccess is the user(s) often forget to put the S in httpS.
I could leave a message on the screen telling them to retype .. or I could leave a simple message, then redirect after a few seconds to the correct page.
Don't forget to include a robots.txt file or META header to prevent search engines indexing your pages.. (I wouldn't want to advertise the webaccess page if possible)
i.e. <META NAME=robots CONTENT=noindex>
A simple robots.txt file preventing search engines is:
# Please don't index my webaccess
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com