28.5 Securing Internet Access with TLS Connections to the GWIA

The GWIA can use TLS to enable secure connections to other SMTP hosts, POP/IMAP clients, and the GWIA console. For the GWIA to do so, you must ensure that it has access to a server certificate file and that you have configured the connection types (SMTP, POP, IMAP, HTTP) you want secured through TLS.

For background information about TLS and how to set it up on your system, see Configuring Server Certificates and TLS.

To configure the GWIA to require TLS:

  1. In the GroupWise Administration Console, browse to and click the GWIA.

  2. On the GroupWise tab, click SSL SETTINGS.

  3. (Conditional) If you need to generate a new GroupWise CA signed certificate for the GWIA:

    The GroupWise Admin Service generates a certificate signing request (CSR) and a private key file, and then sends them to the GroupWise certificate authority (CA) on the primary domain. The CA issues the requested certificate, which is then returned to the local server.

    1. Click Generate Certificate.

    2. Specify and confirm the password for the private key file for the new SSL certificate, and then click OK.

      The newly created SSL certificate and private key files display on the SSL Settings tab.

    3. Click Save to save the SSL certificate and key files.

  4. (Conditional) If you already have an SSL certificate and key file for the GWIA:

    1. In the SSL Certificate File field, click the Browse icon.

    2. Click Upload Local File to Server, and then click Browse.

    3. Browse to and select the SSL certificate File on your local workstation.

      You can use certificate files in the PEM, PFX, CRT, B64, or CER format.

      IMPORTANT:When using a PFX certificate file, you only have one file. You need to point to that file in both the SSL Certificate File and the SSL Key File fields for PFX certificate to work.

    4. Click Upload to upload the certificate file into the GroupWise certificates folder on the server where the GWIA is running.

    5. Click OK.

    6. In the SSL Key File field, browse to, select, and upload the private key file, and then click OK.

    7. Click Save to save the SSL certificate and key files.

  5. To enable or require SSL connections for the GWIA, click Agent Settings on the GroupWise tab.

  6. Enable or require SSL connections between the GWIA and the MTA, select Enabled or Required in the Message Transfer SSL drop-down list.

    The MTA must also use SSL for the connection to be secure. See Securing the Domain with SSL Connections to the MTA.

    IMPORTANT:To prevent closed links between agents, select Enabled when you are initially configuring agents for SSL. Select Required for tighter security only after all agents are successfully using SSL.

  7. (Optional) Select Enabled or Required in the SSL drop-down list for other protocols as needed.

  8. Click Save, and then click Close to return to the main Administration Console window.