How to setup GroupWise Mobile Server with SSL?

  • 3955914
  • 27-Aug-2007
  • 10-Dec-2013

Environment

Products:
Novell GroupWise 7 Support Pack 1 or later
Novell GroupWise 8
Novell GroupWise Mobile Server 2
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Server
Novell SUSE Linux Enterprise Server 10
Novell Open Enterprise Server (Linux based)

Situation

Purpose:
How to setup GroupWise Mobile Server with SSL?
How to setup Secure Gateway with SSL?
SSLizing GroupWise Mobile Server 2 and/or Secure Gateway
Configuring SSL for GroupWise Mobile Server 2 and/or Secure Gateway
How to SSLize communication between the devices/browsers and the GMS/Secure Gateway server

Resolution

GMS on Windows
Inbuilt Certificate
By default SSL is already enabled on a GMS 2 server. However, the Certification Authority is Intellisync and the certificate is issued to Intellisync rather than to the host name that users will connect to, so devices and browsers will warn about an untrusted issuer and a name mismatch. If the inbuilt certificate is acceptable, no other changes are needed; the following steps force SSL so that plain HTTP access is no longer accepted:
  1. Click Start | Programs | Intellisync Mobile Suite | Admin Console.
  2. Right Click on Intellisync Mobile Suite and click Properties.
  3. Click the General Tab and put a checkmark on "Force website access to use HTTPS".
  4. Click OK.

Third Party Certificate

If a third party certificate is to be used, follow the steps below to generate a keystore, export a Certificate Signing Request (CSR), have the CSR signed and import the signed certificate into the keystore on the GroupWise Mobile Server:
  1. Click Start | Run and type "cmd" without quotes and click OK.
  2. Type "cd C:\Program Files\Intellisync Mobile Suite\jre\bin " without quotes and press Enter.
  3. Type "keytool -genkey -validity 500 -alias newalias -keyalg RSA -keystore new.key" without quotes, press Enter and answer the questions. The answer to "What is your first and last name?" becomes the certificate's Common Name (CN) and must be the host name (or, failing that, the IP address) that the devices will connect to; a name mismatch makes every device and browser warn. Older keytool releases generate a 1024-bit RSA key by default, so add "-keysize 2048" to the command if the CA requires a larger key. Remember the keystore password: it is needed again in step 32.

    This generates a key pair (a public key and associated private key) and wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain. This certificate chain and the private key are stored in a new keystore entry identified by alias named newalias
  4. Type "keytool -certreq -alias newalias -file c:\cert.csr -keystore new.key " without quotes and press Enter.

    This generates a Certificate Signing Request (CSR) to be sent to a Certificate Authority. c:\cert.csr is either sent to a trusted Certificate Authority such as VeriSign or Thawte, or signed with eDirectory. Steps 5-17 show how to sign the CSR with eDirectory and produce the certificate.
  5. Login to eDirectory using the Novell Client.
  6. Launch ConsoleOne with Certificate snapins (\\ServerName\sys\Public\Mgmt\ConsoleOne\Bin\ConsoleOne.exe ).
  7. Highlight the Tree and click Tools | Issue Certificate.
  8. Give the path to cert.csr that was created in step 4.
  9. Click Next.
  10. Click Next on "Organizational certificate Authority".
  11. Click Custom and select "Set the key usage extension to critical", "Data encipherment", "Key encipherment", "Digital Signature".
  12. Click Next.
  13. Change the Validity period to Maximum.
  14. Click Next.
  15. Click Finish.
  16. Select "File in binary DER format".
  17. In the Filename type "c:\cert.der" and click Save.

    Once the certificate has been generated by eDirectory or signed by a trusted Certificate Authority, follow the steps below to import the CA certificate (only when a local CA such as eDirectory was used) and then the signed certificate into the keystore.
  18. Click Start | Run and type "cmd" without quotes and click OK.
  19. Type "cd C:\Program Files\Intellisync Mobile Suite\jre\bin " without quotes and press Enter.
  20. Follow this step only if the certificate was signed by a local CA such as eDirectory rather than a public CA; a public CA such as VeriSign or Thawte already has its root certificate in the cacerts file, so skip to the note before step 22. Type keytool -import -alias newalias -file c:\ca.der -trustcacerts -keystore "c:\Program Files\Intellisync Mobile Suite\jre\lib\security\cacerts" (where ca.der is the public certificate of the CA) and press Enter to import the CA certificate. cacerts is the JRE-wide trust store; because of -trustcacerts, keytool consults it to build the chain when the certificate reply is imported into new.key in step 28.
  21. Enter the password "changeit" without quotes if the above step was followed; this is the default password of the JRE cacerts file.

    If a GoDaddy certificate is being used, follow steps 22-27: GoDaddy's root and intermediate certificates must be in new.key before the certificate reply can be imported. For any other CA, skip to step 28.
  22. Copy the root and intermediate certificate files downloaded from GoDaddy (valicert_class2_root.cer, gd_cross_intermediate.crt and gd_intermediate.crt) to c:\Program Files\Intellisync Mobile Suite\jre\bin\
  23. Type "keytool -import -trustcacerts -alias root -file valicert_class2_root.cer -keystore new.key " and press Enter. Enter the password and it may give a message saying that the certificate already exists in the system wide CA and if it still needs to be added to this keystore. Type Yes and press Enter.
  24. Type "keytool -import -trustcacerts -alias cross -file gd_cross_intermediate.crt -keystore new.key " and Press Enter. It will ask for the password. Enter the password and Press Enter.
  25. Type "keytool -import -trustcacerts -alias inter -file gd_intermediate.crt -keystore new.key " and Press Enter. It will ask for the password. Enter the password and Press Enter.
  26. Type "keytool -import -keystore new.key -alias newalias -file c:\cert.der " and press Enter. It should ask for the password and then it should say "Certificate reply was installed in the keystore"
  27. Skip to step 29.
  28. Note the alias that was used when the keystore was created in step 3, as the same alias must be used when importing the certificate reply (newalias in this TID). If the alias has been forgotten, type "keytool -list -keystore new.key" without quotes, press Enter and enter the keystore password; the entry of type keyEntry is the one to use. Then type "keytool -import -trustcacerts -alias newalias -file c:\cert.der -keystore new.key" without quotes (replacing newalias with the alias that was used) and press Enter. Without -keystore, keytool would import into the user's default .keystore file instead of new.key. Enter the keystore password; if the CA certificate is in cacerts (step 20) or the signer is a public CA, keytool verifies the chain and reports "Certificate reply was installed in keystore". If it instead prints the top-level certificate of the reply and asks "Install reply anyway?", the CA is not trusted: answer no and revisit step 20 rather than accepting an unverified chain.
  29. Copy new.key from C:\Program Files\Intellisync Mobile Suite\jre\bin to C:\Program Files\Intellisync Mobile Suite\CommSvr\conf
  30. Launch Internet Explorer and type "http://localhost/sgadmin" without quotes and press Enter
  31. Click "Set SSL Certificate Info"
  32. In the Key file name, type "new.key" without quotes and in the Password and Repeat Password, type the Password that was entered while doing the above steps
  33. Click Save
  34. Click Start | Run and type "services.msc" without quotes and click OK
  35. Restart the Intellisync Services
  36. Test SSL by typing https://ipAddress or URL in a browser and confirm that the certificate shown is the new one, issued to the host name from step 3. If needed, follow steps 1-4 under Inbuilt Certificate to force SSL.
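The alias, entry types and password of new.key can also be checked without a JRE on the workstation, because keytool of that era wrote the JKS format: a fixed header, a list of entries, and a SHA-1 integrity hash keyed on the store password. The following inspector is an added example for this TID, not Novell or Intellisync code. The keystore it reads is constructed in memory with placeholder key and certificate bytes; it reports the same things as keytool -list in step 28 (alias, entry type, chain length) and raises an error when the password is wrong, which is also how keytool detects a tampered store.

```python
"""Inspect a JKS keystore such as new.key without a JRE: list aliases, entry
types and chain lengths, and verify the store password via the JKS integrity
hash.  Added example for this TID, not Novell or Intellisync code.  The
keystore below is constructed in memory with placeholder DER bytes."""
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_VERSION = 2
JKS_SALT = b"Mighty Aphrodite"   # fixed string the JKS format mixes into its hash


class JksError(Exception):
    pass


def _jks_digest(password, body):
    # SHA-1 over: password as UTF-16BE, the fixed salt, then the whole body
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + body).digest()


def _utf(s):
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def build_jks(entries, password):
    """Write a JKS v2 store. entries: dicts with alias and either
    kind='key' (encrypted_key, chain=[der, ...]) or kind='cert' (cert=der)."""
    body = struct.pack(">III", JKS_MAGIC, JKS_VERSION, len(entries))
    for e in entries:
        tag = 1 if e["kind"] == "key" else 2
        body += struct.pack(">I", tag) + _utf(e["alias"]) + struct.pack(">Q", 0)
        if tag == 1:
            body += struct.pack(">I", len(e["encrypted_key"])) + e["encrypted_key"]
            body += struct.pack(">I", len(e["chain"]))
            certs = e["chain"]
        else:
            certs = [e["cert"]]
        for der in certs:
            body += _utf("X.509") + struct.pack(">I", len(der)) + der
    return body + _jks_digest(password, body)


def list_jks(data, password):
    """Return [(alias, entry_type, chain_length), ...] like keytool -list.
    Raises JksError on a bad password (wrong digest) or a non-JKS file."""
    body, digest = data[:-20], data[-20:]
    if _jks_digest(password, body) != digest:
        raise JksError("keystore was tampered with, or password was incorrect")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != JKS_MAGIC or version != JKS_VERSION:
        raise JksError("not a JKS version 2 keystore")
    pos, entries = 12, []
    for _ in range(count):
        tag, alen = struct.unpack_from(">IH", body, pos)
        pos += 6
        alias = body[pos:pos + alen].decode("utf-8")
        pos += alen + 8                       # alias bytes + creation timestamp
        if tag == 1:                          # private key + certificate chain
            (klen,) = struct.unpack_from(">I", body, pos)
            pos += 4 + klen                   # skip the encrypted PKCS#8 blob
            (nchain,) = struct.unpack_from(">I", body, pos)
            pos += 4
            kind = "PrivateKeyEntry"
        elif tag == 2:                        # trusted certificate only
            nchain, kind = 1, "trustedCertEntry"
        else:
            raise JksError("unknown entry tag %d" % tag)
        for _ in range(nchain):
            (tlen,) = struct.unpack_from(">H", body, pos)
            pos += 2 + tlen                   # certificate type string, "X.509"
            (clen,) = struct.unpack_from(">I", body, pos)
            pos += 4 + clen                   # DER bytes, not parsed here
        entries.append((alias, kind, nchain))
    return entries


def key_aliases(data, password):
    """Aliases holding a private key: the alias to pass to -alias when the
    certificate reply is imported (step 28)."""
    return [a for a, kind, _ in list_jks(data, password) if kind == "PrivateKeyEntry"]


# Constructed sample: what new.key looks like after step 3 plus a CA import.
SAMPLE_KEYSTORE = build_jks([
    {"kind": "key", "alias": "newalias",
     "encrypted_key": b"\x30\x03\x02\x01\x00", "chain": [b"SELF-SIGNED-CERT-DER"]},
    {"kind": "cert", "alias": "root", "cert": b"CA-CERT-DER"},
], "novell")

if __name__ == "__main__":
    for alias, kind, n in list_jks(SAMPLE_KEYSTORE, "novell"):
        print("%-10s %-18s chain length %d" % (alias, kind, n))
```

To inspect a real file, pass open("new.key", "rb").read() and the keystore password to list_jks(). Only the JKS container is parsed; the certificates inside are not decoded, so use keytool -list -v (or openssl x509 on an exported certificate) to check the CN and validity dates.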

    If a Secure Gateway is also needed, install it as described in the documentation and then follow the steps below on the Secure Gateway server to enable SSL on it. The same new.key is used on both servers, so the CN chosen in step 3 must be the name that devices use to reach the Secure Gateway.

    1b. Copy new.key from the GMS Server to C:\Program Files\Secure Gateway\CommSvr\conf
    2b. Edit C:\Program Files\Secure Gateway\CommSvr\conf\securegateway.properties
    3b. Add the following at the end of the file. The entries are case sensitive, and SSLPassCode must be the keystore password that was chosen in step 3 (novell is only an example). The password is stored in clear text, so restrict read access to this file to administrators and the service account.

    HttpsSSLPort=443
    SSLKeyFileName=new.key
    SSLPassCode=novell

    4b. Save and close the file
    5b. Click Start | Run and type "services.msc " without quotes and press Enter
    6b. Restart the Secure Gateway service
    7b. Follow steps 30-33 on the Secure Gateway server, then restart the Secure Gateway service again.
    8b. Launch the Intellisync Admin Console on the GMS server | Right Click on Intellisync Mobile Suite and click Properties | Click the Secure Gateway tab and add https://<IP address or host name of the Secure Gateway>:443
    9b. Follow step 36 on the GMS server, this time against the Secure Gateway address.
The above steps only secure the communication between the devices/browsers and the GMS/Secure Gateway server. Please click on the link below to secure the communication between the GMS server and the POA. That step is often skipped when the POA and GMS server are on the same network, but on an unencrypted link mailbox data and user credentials cross the network in the clear, so it is still recommended unless that network segment is trusted.
GMS on Linux
Inbuilt Certificate
By default SSL is already enabled on a GMS 2 server. However, the Certification Authority is Intellisync and the certificate is issued to Intellisync rather than to the host name that users will connect to, so devices and browsers will warn about an untrusted issuer and a name mismatch. If the inbuilt certificate is acceptable, no other changes are needed; the following steps force SSL so that plain HTTP access is no longer accepted:
  1. Launch a web browser.
  2. Login to the Web Console.
  3. Expand System Settings.
  4. Click General.
  5. Click Edit.
  6. Put a check mark on "Force Website Access to Use HTTPS".
  7. Click Save.
  8. Click Done.
  9. In a terminal on the GMS server, as root, type "/etc/init.d/mobilesuite stop" without quotes and press Enter.
  10. Type "/etc/init.d/securegateway stop " without quotes and press Enter.
  11. Type "/etc/init.d/asadb stop " without quotes and press Enter.
  12. Type "/etc/init.d/asadb start " without quotes and press Enter.
  13. Type "/etc/init.d/securegateway start " without quotes and press Enter.
  14. Type "/etc/init.d/mobilesuite start " without quotes and press Enter.

    Third Party Certificate

    Follow the steps listed in the GMS on Windows section to create the certificate. All of the steps remain the same except that keytool is in /opt/ims/lib/external/jre/linux/bin, the cacerts file used in step 20 is the lib/security/cacerts file of that same JRE (the standard JRE layout), and the new key file is copied to /opt/ims/conf instead of the CommSvr\conf directory.

    Test SSL by typing https://ipAddress or URL in a browser and confirm that the certificate shown is the new one. If needed, follow steps 1-14 under Inbuilt Certificate above to force SSL and restart the services.
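A browser test (step 36 on Windows, and the test above on Linux) only shows that the page loads; what matters is what a device sees: does the chain verify against the CA that signed the CSR, does the name match the CN from step 3, and is the certificate inside its validity period. The following checker is an added example for this TID, not Novell or Intellisync code. The host name, port and CA file are placeholders; check_cert() is also run on a constructed dict in the format Python's ssl module returns for a peer certificate, so the logic can be tested without a live server.

```python
"""Verify what a device or browser will see at https://<host> after the
steps above: chain validation against a CA file, host-name match and expiry.
Added example for this TID, not Novell or Intellisync code.  Host, port and
CA file are placeholders; check_cert() is exercised on a constructed
getpeercert()-style dict so the logic can be tested offline."""
import socket
import ssl
import time

WARN_DAYS = 30


def _cert_names(cert):
    """DNS names the certificate is valid for: subjectAltName first, CN only
    as a fallback (certificates from the keytool flow above carry no SAN)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names


def name_matches(pattern, hostname):
    """Exact match, or a single-label wildcard (*.example.com) as browsers apply it."""
    p, h = pattern.lower(), hostname.lower()
    if p.startswith("*."):
        return h.count(".") == p.count(".") and h.endswith(p[1:])
    return p == h


def check_cert(cert, hostname, now=None):
    """Return a list of problems; an empty list means the certificate is
    acceptable for hostname at time now (default: the current time)."""
    now = time.time() if now is None else now
    problems = []
    names = _cert_names(cert)
    if not any(name_matches(n, hostname) for n in names):
        problems.append("hostname %s does not match certificate names %s" % (hostname, names))
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after < now:
        problems.append("certificate expired on " + cert["notAfter"])
    elif not_after - now < WARN_DAYS * 86400:
        problems.append("certificate expires within %d days" % WARN_DAYS)
    if "notBefore" in cert and ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        problems.append("certificate not valid before " + cert["notBefore"])
    return problems


def probe(hostname, port=443, cafile=None, timeout=5):
    """Connect the way a device would and return (cert, problems).  cafile is
    the PEM certificate of the CA that signed the CSR (eDirectory or a public
    CA); None uses the system store.  A chain that does not verify raises
    ssl.SSLCertVerificationError, the 'issuer not trusted' failure to expect
    while the inbuilt Intellisync certificate is still in use."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False   # name check is done by check_cert so it is reported, not fatal
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return cert, check_cert(cert, hostname)


# Constructed sample in getpeercert() format, standing in for a live server.
SAMPLE_CERT = {
    "subject": ((("commonName", "gms.example.com"),),),
    "issuer": ((("organizationName", "Example Org CA"),),),
    "notBefore": "Aug 27 00:00:00 2007 GMT",
    "notAfter": "Jan 15 00:00:00 2009 GMT",
}

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "gms.example.com"   # placeholder host
    try:
        cert, problems = probe(host, cafile=sys.argv[2] if len(sys.argv) > 2 else None)
    except (OSError, ssl.SSLError) as exc:
        print("TLS handshake failed:", exc)
    else:
        print("issuer:", cert.get("issuer"))
        print("problems:", problems or "none")
```

Run it as probe.py <host> <ca.pem> from a machine on the same path the devices use (through the Secure Gateway if one is deployed); the handshake failing with a verification error means the CA certificate is not the one that signed the reply, and a "does not match" problem means the CN from step 3 is not the name being tested.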

Additional Information

The keytool utility has many other options; the full keytool documentation can be found at http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html