2.9 Securing the SMG Web UI

IMPORTANT: This section applies to SMG on Ubuntu. For information about certificates on SMG on SLES, see Managing Certificates.

To secure the Secure Messaging Gateway Web interface, SSL must be enabled directly in Apache. See the Apache documentation.

  1. Go to /etc/apache2/sites-enabled/.

  2. Create a new file by typing: vi newfilename.conf. Give the config file a useful name, such as smg.domain.com.conf.

  3. Hit the Insert key to start editing it.

  4. Copy this in the new file and make the necessary changes:

    <VirtualHost *:443>
        ServerAdmin notify@domain.com
        ServerName server.domain.com
        DocumentRoot /opt/gwava/gwavaman/http
        SSLEngine on
        SSLProtocol ALL -SSLv2 -SSLv3
        SSLHonorCipherOrder On
        SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!3DES
        SSLCompression Off
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
        SSLCertificateFile /crt file
        SSLCertificateKeyFile /key file
        SSLCertificateChainFile /Intermediate file
        SSLUseStapling on
        ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
        CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
    </VirtualHost>

  5. Put the cert, key, and intermediate file on the server (an intermediate file is not required but is recommended).

  6. Edit the path for each file in the configuration above, including the filename (case sensitive). If you are not using an intermediate file, comment out the SSLCertificateChainFile line by putting a # in front of it.

  7. Save by pressing the Escape key and then typing: :wq.

  8. Run the command: a2enmod ssl.

  9. Run the command: a2enmod headers.

  10. Restart Apache by typing: service apache2 restart

  11. Test it by running this command: apachectl configtest

  12. If you get "Syntax OK", you can restart Apache again to begin using SSL.
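A pre-flight check for steps 5 and 6, given here as an added example that is not part of the SMG documentation: it reads the three SSLCertificate* paths from the vhost file, skips lines commented out with #, and confirms that each file exists under exactly that name. The function name, the sample file names and the owner-only rule for the key file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the SMG documentation): pre-flight check for step 6.
# Prints one line per directive and returns the number of problems found.
check_vhost_certs() {
    conf=$1
    problems=0
    for directive in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        # Take the first active occurrence; lines commented out with # are ignored.
        path=$(awk -v d="$directive" 'tolower($1) == tolower(d) { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            if [ "$directive" = SSLCertificateChainFile ]; then
                echo "SKIP $directive (not set; the intermediate file is optional)"
            else
                echo "FAIL $directive is not set"
                problems=$((problems + 1))
            fi
        elif [ ! -f "$path" ] || [ ! -r "$path" ]; then
            # File names are case sensitive, so Server.crt and server.crt differ.
            echo "FAIL $directive $path (missing or unreadable)"
            problems=$((problems + 1))
        elif [ "$directive" = SSLCertificateKeyFile ] &&
             [ "$(ls -lL "$path" | cut -c5-10)" != "------" ]; then
            # Extra check, assumed policy of this example: the key is owner-only.
            echo "FAIL $directive $path (accessible by group or others)"
            problems=$((problems + 1))
        else
            echo "OK   $directive $path"
        fi
    done
    return "$problems"
}

# Constructed sample: a vhost fragment with the chain line commented out.
demo_dir=$(mktemp -d)
: > "$demo_dir/smg.crt"
: > "$demo_dir/smg.key"
chmod 600 "$demo_dir/smg.key"
cat > "$demo_dir/smg.conf" <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile $demo_dir/smg.crt
    SSLCertificateKeyFile $demo_dir/smg.key
    #SSLCertificateChainFile $demo_dir/chain.crt
</VirtualHost>
EOF
check_vhost_certs "$demo_dir/smg.conf" || echo "problems found: $?"
```

On a real server, call check_vhost_certs with the file created in step 2 before restarting Apache.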

Once SSL is enabled, the server can be configured under "Manage Servers" (Enabling SSL on Secure Messaging Gateway) to be accessed via https://<smghost_address>