[ngw] Admin service SSL certificate questions
DGerisch at co.tulare.ca.us
Thu Jun 22 18:19:37 UTC 2017
Hmmm. Point of technicality:
openssl s_client -connect
openssl s_client -host -port
give me two different certificate chains. the -connect chain is
correct, with the primary domain certificate listed.
>>> "David Gerisch" <DGerisch at co.tulare.ca.us> 2017-06-22 10:31 >>>
I forgot to mention that the command to check what the server sees is
openssl s_client -host <insert hostname here> -port 9710
After it goes through checking, and reporting what SSL certificates
being used, you will have to hit Control-C to break out.
>>> "David Gerisch" <DGerisch at co.tulare.ca.us> 6/22/2017 10:25 AM >>>
I'm trying to do some scripting against the GroupWise Administration
Service, and I'm running into SSL errors, because my certificates
configured correctly (apparently). Two questions:
Question 1) If the primary domain admin service certificate has a
common name of CN=TULARE_COUNTY-CA but my post office server admin
service certificate says CN=INSTALL-CA - is that probably the source
my problem? The post office server says the certificate chain
and the primary domain admin service certificate is none of those.
problem that I'm getting is that during the SSL negotiation phase of
connecting to the admin service on the local machine, I get
Question 2) It doesn't look very hard to replace the certificates -
what are the implications / side effects?
It looks like all I have to do is run gwadminutil-certinst per the
documentation. But I don't know if that's going to cause any
or need any sort of service restarts or such. Does it affect the way
clients connect to the POA?
More information about the ngw