90.2 Configuring Server Certificates and TLS

For a secure GroupWise system, you should configure the server and agents to use TLS. We recommend you use commercially signed certificates from a Trusted Root Certificate Authority (ie GoDaddy, Digicert, etc). For your convenience, the GroupWise CA can generate certificates until you obtain your commercially signed certificates. When generating certificates, keep in mind the following certificate best practices for GroupWise:

Certificate Best Practices

  • If you obtain your certificates from an intermediate CA, the certificate for that intermediate CA and all other intermediate CAs leading to the Trusted Root CA must be appended to your certificate file.

  • For TLS communication between the agents and servers, the Fully Qualified Domain Name (FQDN) of the server should be the used for the Subject Alternative Name (SAN) on the certificate. Also, the GroupWise agents should be configured with the FQDN instead of the IP address on the Agent Settings tab for all GroupWise agents.

NOTE:One server certificate can be used to secure all of the GroupWise agents on the server.

Once you have planned and gathered your certificates, use the information in the following sections to configure TLS for the agents: