All the connections between the client and the server should be configured to use SSL. To do this, SSL must be configured for the agents. For information on configuring SSL for the agents and for the client, see "Creating Your Messenger System" for Windows and "Configuring the Linux Messenger Agents for SSL" for Linux in the Novell Messenger 3.0 Installation Guide. To secure the client, simply use the port number specified for secure connections when connecting to the server.
When you install the agents, you have the option to configure SSL for the agents. If you chose to use SSL for the connection between the agents and the clients, the Message Transfer Protocol is automatically configured to use SSL as well. For more information, see "Creating Your Messenger System" for Windows and "Configuring the Linux Messenger Agents for SSL" for Linux in the Novell Messenger 3.0 Installation Guide.
In order for the Message Transfer Protocol to use SSL, you must enable SSL for the agents. If you chose not to use SSL during the installation, you can configure SSL for the agents in ConsoleOne.
Before the Messaging Agent can use SSL encryption, you must create a certificate by generating a certificate signing request (CSR) and having it issued by a certificate authority (CA). This can be issued either by a public CA or a local CA, such as Novell Certificate Server. (Novell Certificate Server, which runs on a server with NetIQ eDirectory, enables you to establish your own Certificate Authority and issue server certificates for yourself. For more information, see the Novell Certificate Server site.) The CSR includes the hostname of the server where the Messaging Agent runs. The Messaging Agent and the Archive Agent can use the same certificate if they run on the same server. The CSR also includes your choice of name and password for the private key file that must be used with each certificate. This information is needed when configuring the Messaging Agent to use SSL encryption. For more information, see Section 2.3.1, Generating a Certificate Signing Request and Private Key.
After you have a certificate and a private key file available on the server where the Messaging Agent runs, you are ready to configure the Messaging Agent to use SSL encryption.
In ConsoleOne, browse to and expand the Messenger Service object.
Right-click the Messenger ArchiveAgent object, then click Properties.
Click Agent > Security.
Fill in the following fields:
Certificate Path: This field defaults to \novell\nm\certs for Windows, and /opt/novell/messenger/certs for Linux.
IMPORTANT: The certificate path must be located on the same server where the Messenger agents are installed. If your SSL certificate and key file are located on a different server, you must copy them into the directory specified in the Certificate Path field so they are always accessible to the Messenger agents.
SSL Certificate: Browse to and select the certificate file. Or, if the certificate is located in the directory specified in the Certificate Path field, you can simply type the file name.
SSL Key File: Browse to and select your private key file. Or, if the file is located in the directory specified in the Certificate Path field, you can simply type the file name.
Set Password: Provide the key file password you established when you submitted the certificate signing request.
Enable SSL for Client/Server: Select this option to enable SSL encryption for your client and server.
Enable SSL for Message Transfer Protocol: Select this option to enable SSL encryption for your Message Transfer Protocol.
Click OK to save the SSL settings.
Restart the Messaging Agent to begin using SSL encryption.
The Web Console should already be configured to use SSL when SSL is configured during the installation. However, additional configuration is needed to enable SSL for the Web Console. For information on how to secure and configure the Web Console, see Setting Up the Messaging Agent Web Console and Section 5.10.2, Using the Archive Agent Web Console and GroupWise Monitor.
The Web Console should be configured to use both SSL and password protection. Password protection must be enabled separately. For information on how to enable password protection for the Web Console, see Setting Up the Messaging Agent Web Console and Section 5.10.2, Using the Archive Agent Web Console and GroupWise Monitor.
The data store files should be protected from access by unauthorized persons. The data store files are identified by an eight-digit hexadecimal number followed by either .maf or .mai. They are found in the following default locations:
Table 8-1 Messenger Data Store File Locations
Platform | Directory | Store Files |
---|---|---|
Linux | /var/opt/novell/messenger/aa/store | xxxxxxxx.maf xxxxxxxx.mai |
Windows | C:\Novell\NM\aa\store | xxxxxxxx.maf xxxxxxxx.mai |
The queue files should be protected from access by unauthorized persons. The queue files are identified by an eight-digit hexadecimal number followed by three numbers. They are found in the following default locations:
Table 8-2 Messenger Queue File Locations
Platform | Directory | Queue Files |
---|---|---|
Linux | /var/opt/novell/messenger/ma/queue /var/opt/novell/messenger/aa/queue | xxxxxxxx.nnn |
Windows | C:\Novell\NM\ma\queue C:\Novell\NM\aa\queue | xxxxxxxx.nnn |
The log files for all Messenger agents should be protected from access by unauthorized persons. Some contain very detailed information about your Messenger system and Messenger users. They are found in the following default locations:
Table 8-3 Messenger Agent Log File Locations
Platform | Directory | Log Files |
---|---|---|
Linux | /var/opt/novell/log/messenger/ma/ /var/opt/novell/log/messenger/aa | mmddnma.nnn mmddnaa.nnn |
Windows | C:\Novell\MA\logs C:\Novell\AA\logs | mmddnma.nnn mmddnaa.nnn |
The startup files for all Messenger agents should be protected from access by unauthorized persons. They are found in the following default locations:
Table 8-4 Messenger Agent Startup File Locations
Platform | Directory | Startup Files |
---|---|---|
Linux | /etc/init.d | novell-nmma novell-nmaa |
Windows | C:\Novell\NM\ma C:\Novell\NM\aa | strtup.ma strtup.aa |
The root certificate files should be protected from access by unauthorized persons. The root certificate files are copied to the following default locations:
Table 8-5 Root Certificate File Locations
Platform | Directory | Certificate Files |
---|---|---|
Linux | /opt/novell/messenger/certs | certname.der |
Windows | C:\Novell\NM\certs | certname.der |
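One way to check the Linux locations in Tables 8-1 through 8-5 for files that accounts other than the owner and group can reach. This is an added example, not part of Novell's documentation or tooling; it assumes only the account that runs the agents needs access, and the function names and the `--audit` argument are hypothetical.

```sh
#!/bin/sh
# Added example, not Novell tooling. Assumption: only the account that runs
# the agents (owner/group) needs access, so any "other" permission bit is a finding.
# Linux default locations from Tables 8-1 through 8-5 on this page.
MESSENGER_PATHS="
/var/opt/novell/messenger/aa/store
/var/opt/novell/messenger/ma/queue
/var/opt/novell/messenger/aa/queue
/var/opt/novell/log/messenger/ma
/var/opt/novell/log/messenger/aa
/etc/init.d/novell-nmma
/etc/init.d/novell-nmaa
/opt/novell/messenger/certs
"

# List files and directories at or below $1 that grant read, write or
# execute to "other" (portable -perm tests, one per bit).
list_exposed() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Audit every path in MESSENGER_PATHS; returns 1 if anything is exposed.
audit_messenger() {
    rc=0
    for p in $MESSENGER_PATHS; do
        if [ ! -e "$p" ]; then echo "SKIP $p (not present)"; continue; fi
        n=$(count_exposed "$p")
        if [ "$n" -gt 0 ]; then
            echo "FAIL $p: $n entries accessible to other users"
            list_exposed "$p" | sed 's/^/     /'
            rc=1
        else
            echo "OK   $p"
        fi
    done
    return $rc
}

# Constructed fixture: a fake store directory with one world-readable file.
make_fixture() {
    d=$(mktemp -d) && : > "$d/0000001a.maf" && : > "$d/0000001a.mai" &&
    chmod 640 "$d/0000001a.maf" && chmod 644 "$d/0000001a.mai" && echo "$d"
}
if [ "${1:-}" = "--audit" ]; then audit_messenger; fi
```

Run it with `--audit` as root on the agent server; a non-zero exit status means at least one listed location has entries readable, writable or executable by other users.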