The GWIA can use SSL to enable secure SMTP, POP, IMAP, and HTTP connections. The following switches can be used to 1) specify the server certificate file, key file, and key file password required for SSL and 2) enable or disable SSL for SMTP, POP, IMAP, and HTTP connections. See Securing Internet Access with TLS Connections to the GWIA.
Specifies the server certificate file to use. The file must be in Base64/PEM or PFX format. If the file is not in the same folder as the GWIA program, specify the full path.
Syntax: --certfile file_name
Example: --certfile \\server1\sys\server1.crt
Specifies a Diffie-Hellman cipher parameters file used for SSL/TLS to replace the default parameters set by GroupWise. GroupWise uses default Diffie-Hellman parameters of 2048 bits to generate the DH key. The DH parameters file must be in PEM format.
| | Linux | Windows |
---|---|---|
Syntax: | --dhparm directory/pemfile | /dhparm directory/pemfile |
Example: | --dhparm /var/tmp/dh.pem | /dhparm C:\temp\dh.pem |
Specifies the private key file to use. The key file is required if the certificate file does not contain the key. If the certificate file contains the key, do not use this switch. When specifying a file name, use the full path if the file is not in the same folder as the GWIA program.
Syntax: --keyfile file_name
Example: --keyfile \\server1\sys\server1.key
Specifies the private key password. If the key does not require a password, do not use this switch.
Syntax: --keypasswd password
Example: --keypasswd novell
Enables the GWIA to use a secure connection to other SMTP hosts. The SMTP host must also be enabled to use SSL or TLS (Transport Layer Security); if it is not, a non-secure connection is used. Valid settings are enabled and disabled.
Syntax: --smtpssl setting
Example: --smtpssl enabled
Enables the GWIA to use a secure connection to a web browser being used to display the GWIA console. The web browser must also be enabled to use SSL; if it is not, a non-secure connection is used. Valid settings are enabled and disabled.
Syntax: --httpssl setting
Example: --httpssl enabled
Specifies the minimum allowed TLS version for LDAP connections. For security reasons, GroupWise defaults to TLS 1.2 as the minimum allowed version. However, to support older directories, you can override the default by specifying either “TLSv1” or “TLSv1_1”.
| | Linux POA | Windows POA |
---|---|---|
Syntax: | | |
Example: | | |
NOTE: Not available in versions older than GroupWise 18.3.
Disables, enables, or requires secure (SSL) connections between POP3 clients and the GWIA.
Syntax: --popssl enabled|disabled|required
Example: --popssl required
Option | Description |
---|---|
enabled | The POP3 client determines whether an SSL connection or non-SSL connection is used. By default, the GWIA listens for SSL connections on port 995 and non-SSL connections on port 110. You can use the --popsport and --popport switches to change these ports. |
required | The GWIA forces SSL connections on port 995 and port 110. Non-SSL connections are denied. You can use the --popsport and --popport switches to change these ports. |
disabled | The GWIA listens for connections only on port 110, and the connections are not secure. You can use the --popport switch to change this port. |
Disables, enables, or requires secure (SSL) connections between IMAP4 clients and the GWIA.
Syntax: --IMAP4ssl enabled|disabled|required
Example: --IMAP4ssl required
Option | Description |
---|---|
enabled | The IMAP4 client determines whether an SSL connection or non-SSL connection is used. By default, the GWIA listens for SSL connections on port 993 and non-SSL connections on port 143. You can use the --imapsport and --imapport switches to change these ports. |
required | The GWIA forces SSL connections on port 993 and port 143. Non-SSL connections are denied. You can use the --imapsport and --imapport switches to change these ports. |
disabled | The GWIA listens for connections only on port 143, and the connections are not secure. You can use the --imapport switch to change this port. |
Sets the SSL cipher suites used by the agents. The cipher list must be in OpenSSL format. For more information on OpenSSL format, see Cipher List Format.
| | Linux POA | Windows POA |
---|---|---|
Syntax: | --sslciphersuite "setting" | /sslciphersuite-"setting" |
Example: | --sslciphersuite "HIGH:!AECDH:!EXP:@STRENGTH" | /sslciphersuite-"HIGH:!AECDH:!EXP:@STRENGTH" |
Specifies an SSL protocol to disable. By specifying ssl_OP_NO_sslv1, GroupWise will disable SSLv1 support. To specify additional options, add further SSL keywords separated by commas.
| | Linux | Windows |
---|---|---|
Syntax: | --ssloption ssl_protocol | /ssloption ssl_protocol |
Example: | --ssloption ssl_OP_NO_sslv1,ssl_OP_NO_sslv1_1 | /ssloption ssl_OP_NO_sslv1,ssl_OP_NO_sslv1_1 |
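As an added example (not GroupWise code), the following Python script audits a set of the Linux-style switches described above and reports the settings that still permit non-secure connections or expose the key password. It assumes the switches are kept one per line in a text file; the sample content, function names, weak-cipher keyword list and finding wording are constructed for illustration.

```python
import shlex

# Constructed sample, assuming one Linux-style "--switch value" per line.
SAMPLE = """\
--certfile /opt/certs/gwia.crt
--keyfile /opt/certs/gwia.key
--keypasswd novell
--smtpssl enabled
--httpssl disabled
--popssl enabled
--IMAP4ssl required
--sslciphersuite "HIGH:!AECDH:!EXP:@STRENGTH"
"""

# OpenSSL cipher-list keywords that admit weak or unauthenticated suites.
WEAK_CIPHER_WORDS = {"LOW", "EXP", "EXPORT", "NULL", "eNULL", "aNULL"}

def parse_switches(text):
    """Map lower-cased switch name -> value for every --switch line."""
    switches = {}
    for line in text.splitlines():
        parts = shlex.split(line)
        if parts and parts[0].startswith("--"):
            switches[parts[0][2:].lower()] = parts[1] if len(parts) > 1 else ""
    return switches

def audit(text):
    """Return (switch, message) findings for explicitly set weak values."""
    sw = parse_switches(text)
    findings = []
    if "keypasswd" in sw:
        findings.append(("keypasswd", "key password is stored in clear text"))
    for name in ("smtpssl", "httpssl"):
        if sw.get(name) == "disabled":
            findings.append((name, "SSL is switched off"))
    for name in ("popssl", "imap4ssl"):
        if sw.get(name) == "enabled":
            findings.append((name, "client may still choose a non-SSL connection"))
        elif sw.get(name) == "disabled":
            findings.append((name, "connections are not secure"))
    for word in sw.get("sslciphersuite", "").split(":"):
        if word in WEAK_CIPHER_WORDS:  # "!EXP" is an exclusion and does not match
            findings.append(("sslciphersuite", f"weak cipher class {word} allowed"))
    return findings

if __name__ == "__main__":
    for switch, message in audit(SAMPLE):
        print(f"--{switch}: {message}")
```

Switches that are not set are not reported, because the defaults for most of them are not stated here.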