GroupWise Web (GWWEB) SSL Certificates
Certificate Format
From the certificate vendor, you typically choose "Apache" format. This typically provides a file with the extension .crt. They also provide their own chain certificates as well in the same format.
Required Files
Requires two files, the Certificate and the Private Key file.
Certificate file: server.crt
Key file: server.key
Note: For GWWEB, the actual names as listed above are required. They are not sample names or placeholders.
Key File Password Status
Key file should NOT have a password.
Command Line to run GWWEB and load SSL certificates:
docker run -d --rm -v /opt/novell/gw:/etc/nginx/gw --name gwweb -e FQDN=webacc.acme.com -e DNS_SERVER=192.168.1.5 -p 80:80 -p 443:443 -v /opt/novell/gw/certs:/certs mfgroupwise/web:latest
For a more detailed discussion about GWWEB, refer to my GWWEB guide here.
Required Files
You must have 2 files in the /opt/novell/gw/certs folder:
- /opt/novell/gw/certs/server.crt
- Obtained from the certificate vendor, it could be named a number of things.
- Copy the certificate file to /opt/novell/gw/certs and rename to server.crt.
- /opt/novell/gw/certs/server.key
- This file was created when you created the Certificate Signing Request, or CSR.
- Copy the key file to /opt/novell/gw/certs and rename to server.key.
Intermediate CA Cert (Incomplete Certificate Chain)
Your certificate chain will most likely be incomplete because there is no directive in the command line to load an Intermediate or Chain certificate. To overcome this obstacle, you concatenate the certificate file and the intermediate certificate file into the same server.crt certificate. The following command will accomplish this task:
cat My_CA_Bundle.ca-bundle >> /opt/novell/gw/certs/server.crt
Note: Substitute the actual intermediate or chain certificate from your commercial certificate provider in place of the bundle file listed in the syntax.