The GWIA can use the SSL (Secure Socket Layer) protocol to enable secure connections to other SMTP hosts, POP/IMAP clients, and the GWIA console. For the GWIA to do so, you must ensure that it has access to a server certificate file and that you have configured the connection types (SMTP, POP, IMAP, HTTP) you want secured through SSL.
For background information about SSL and how to set it up on your system, see Section 90.2, Server Certificates and SSL Encryption.
To configure the GWIA to require SSL:
In the GroupWise Admin console, browse to and click the GWIA.
On the GroupWise tab, click SSL Settings.
(Conditional) If you need to generate a new self-signed certificate for the GWIA:
The GroupWise Admin Service generates a certificate signing request (CSR) and a private key file, and then sends them to the GroupWise certificate authority (CA) on the primary domain. The CA issues the requested certificate, which is then returned to the local server.
Click Generate Certificate.
Specify and confirm the password for the private key file for the new SSL certificate, then click OK.
The newly created SSL certificate and private key files display on the SSL Settings tab.
Click Save to save the SSL certificate and key files.
(Conditional) If you already have an SSL certificate and key file for the GWIA:
In the SSL Certificate File field, click the Browse icon.
Click Upload Local File to Server, then click Browse.
Browse to and select the SSL certificate file on your local workstation.
You can use certificate files in the PEM, PFX, CRT, B64, or CER format.
Click Upload to upload the certificate file into the GroupWise certificates folder on the server where the GWIA is running.
Click OK.
In the SSL Key File field, browse to, select, and upload the private key file, then click OK.
Click Save to save the SSL certificate and key files.
To enable or require SSL connections for the GWIA, click Agent Settings on the GroupWise tab.
Enable or require SSL connections between the GWIA and the MTA, select Enabled or Required in the Message Transfer SSL drop-down list.
The MTA must also use SSL for the connection to be secure. See Section 22.2.1, Securing the Domain with SSL Connections to the MTA.
IMPORTANT:To prevent closed links between agents, select Enabled when you are initially configuring agents for SSL. Select Required for tighter security only after all agents are successfully using SSL.
(Optional) Select Enabled or Required in the SSL drop-down list for other protocols as needed.
Click Save, then click Close to return to the main Admin console window.