59.10 SSL Switches

The GWIA can use SSL to enable secure SMTP, POP, IMAP, and HTTP connections. The following switches can be used to 1) specify the server certificate file, key file, and key file password required for SSL and 2) enable or disable SSL for SMTP, POP, IMAP, and HTTP connections. See Section 55.4, Securing GWIA Connections with SSL.

59.10.1 --certfile

Specifies the server certificate file to use. The file must be in Base64/PEM or PFX format. If the file is not in the same directory as the GWIA program, specify the full path.

Syntax: --certfile file_name

Example: --certfile \\server1\sys\server1.crt

59.10.2 --keyfile

Specifies the private key file to use. The key file is required if the certificate file does not contain the key. If the certificate file contains the key, do not use this switch. When specifying a file name, use the full path if the file is not in the same directory as the GWIA program.

Syntax: --keyfile file_name

Example: --keyfile \\server1\sys\server1.key

59.10.3 --keypasswd

Specifies the private key password. If the key does not require a password, do not use this switch.

Syntax: --keypasswd password

Example: --keypasswd novell

59.10.4 --smtpssl

Enables the GWIA to use a secure connection to other SMTP hosts. The SMTP host must also be enabled to use SSL or TLS (Transport Layer Security); if it is not, a non-secure connection is used. Valid settings are enabled and disabled.

Syntax: --smtpssl setting

Example: --smtpssl enabled

59.10.5 --httpssl

Enables the GWIA to use a secure connection to a Web browser being used to display the GWIA Web console. The Web browser must also be enabled to use SSL; if it is not, a non-secure connection is used. Valid settings are enabled and disabled.

Syntax: --httpssl setting

Example: --httpssl enabled

59.10.6 --popssl

Disables, enables, or requires secure (SSL) connections between POP3 clients and the GWIA.

Syntax: --popssl enabled|disabled|required

Example: --popssl required

Option

Description

enabled

The POP3 client determines whether an SSL connection or non-SSL connection is used. By default, the GWIA listens for SSL connections on port 995 and non-SSL connections on port 110. You can use the ‑‑popsport and ‑‑popport switches to change these ports.

required

The GWIA forces SSL connections on port 995 and port 110. Non-SSL connections are denied. You can use the ‑‑popsport and ‑‑popport switches to change these ports.

disabled

The GWIA listens for connections only on port 110, and the connections are not secure. You can use the ‑‑popport switch to change this port.

59.10.7 --imapssl

Disables, enables, or requires secure (SSL) connections between IMAP4 clients and the GWIA.

Syntax: --IMAP4ssl enabled|disabled|required

Example: --popssl required

Option

Description

enabled

The IMAP4 client determines whether an SSL connection or non-SSL connection is used. By default, the GWIA listens for SSL connections on port 993 and non-SSL connections on port 143. You can use the ‑‑imapsport and ‑‑imapport switches to change these ports.

required

The GWIA forces SSL connections on port 993 and port 143. Non-SSL connections are denied. You can use the ‑‑imapsport and ‑‑imapport switches to change these ports.

disabled

The GWIA listens for connections only on port 143, and the connections are not secure. You can use the /imapport switch to change this port.

59.10.8 /ldapssl

Instructs the GWIA to use a secure (SSL) connection with an LDAP server. For more information about why the GWIA would need to connect to an LDAP server, see Section 59.11, LDAP Switches

Syntax: /ldapssl