The GWIA can use SSL to enable secure SMTP, POP, IMAP, and HTTP connections. The following switches can be used to 1) specify the server certificate file, key file, and key file password required for SSL and 2) enable or disable SSL for SMTP, POP, IMAP, and HTTP connections. See Section 28.5, Securing Internet Access with SSL Connections to the GWIA.
Specifies the server certificate file to use. The file must be in Base64/PEM or PFX format. If the file is not in the same folder as the GWIA program, specify the full path.
Syntax: --certfile file_name
Example: --certfile \\server1\sys\server1.crt
Specifies a Diffie-Hellman cipher parameters file used for SSL/TLS to replace the default parameters set by GroupWise. GroupWise uses default Diffie-Hellman parameters of 2048 bits to generate the DH key. A valid DH parameter is in PEM format.
|
Linux |
Windows |
|---|---|---|
|
Syntax: |
--dhparm directory/pemfile |
/dhparm directory/pemfile |
|
Example: |
--dhparm /var/tmp/dh.pem |
/dhparm C:\temp\dh.pem |
Specifies the private key file to use. The key file is required if the certificate file does not contain the key. If the certificate file contains the key, do not use this switch. When specifying a file name, use the full path if the file is not in the same folder as the GWIA program.
Syntax: --keyfile file_name
Example: --keyfile \\server1\sys\server1.key
Specifies the private key password. If the key does not require a password, do not use this switch.
Syntax: --keypasswd password
Example: --keypasswd novell
Enables the GWIA to use a secure connection to other SMTP hosts. The SMTP host must also be enabled to use SSL or TLS (Transport Layer Security); if it is not, a non-secure connection is used. Valid settings are enabled and disabled.
Syntax: --smtpssl setting
Example: --smtpssl enabled
Enables the GWIA to use a secure connection to a web browser being used to display the GWIA console. The web browser must also be enabled to use SSL; if it is not, a non-secure connection is used. Valid settings are enabled and disabled.
Syntax: --httpssl setting
Example: --httpssl enabled
Disables, enables, or requires secure (SSL) connections between POP3 clients and the GWIA.
Syntax: --popssl enabled|disabled|required
Example: --popssl required
|
Option |
Description |
|---|---|
|
enabled |
The POP3 client determines whether an SSL connection or non-SSL connection is used. By default, the GWIA listens for SSL connections on port 995 and non-SSL connections on port 110. You can use the ‑‑popsport and ‑‑popport switches to change these ports. |
|
required |
The GWIA forces SSL connections on port 995 and port 110. Non-SSL connections are denied. You can use the ‑‑popsport and ‑‑popport switches to change these ports. |
|
disabled |
The GWIA listens for connections only on port 110, and the connections are not secure. You can use the ‑‑popport switch to change this port. |
Disables, enables, or requires secure (SSL) connections between IMAP4 clients and the GWIA.
Syntax: --IMAP4ssl enabled|disabled|required
Example: --popssl required
|
Option |
Description |
|---|---|
|
enabled |
The IMAP4 client determines whether an SSL connection or non-SSL connection is used. By default, the GWIA listens for SSL connections on port 993 and non-SSL connections on port 143. You can use the ‑‑imapsport and ‑‑imapport switches to change these ports. |
|
required |
The GWIA forces SSL connections on port 993 and port 143. Non-SSL connections are denied. You can use the ‑‑imapsport and ‑‑imapport switches to change these ports. |
|
disabled |
The GWIA listens for connections only on port 143, and the connections are not secure. You can use the /imapport switch to change this port. |
Configures the GWIA to use a secure (SSL) connection with an LDAP server. For more information about why the GWIA would need to connect to an LDAP server, see Section 34.9, Log File Switches
Syntax: /ldapssl
Sets the SSL cipher suites used by the Archive Agent, the Messaging Agent, and Messenger clients. The cipher list must be in OpenSSL format. For more information on OpenSSL format, see Cipher List Format
|
Linux |
Windows |
|---|---|---|
|
Syntax: |
--sslciphersuite “setting” |
/sslciphersuite-”setting” |
|
Example: |
--sslciphersuite “HIGH:!AECDH:!EXP:@STRENGTH” |
/sslciphersuite-”HIGH:!AECDH:!EXP:@STRENGTH” |
Specify a specific SSL protocol to disable. By specifying SSL_OP_NO_TLSv1, GroupWise will disable TLSv1 support. Specify additional options by adding the SSL key work separated by a comma.
|
Linux |
Windows |
|---|---|---|
|
Syntax: |
--ssloption SSL_protocol |
/ssloption SSL_protocol |
|
Example: |
--ssloption SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1 |
/ssloption SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1 |