[ngw] Firefox 92

Craig Meads craigm at cwise.co.nz
Wed Sep 15 00:12:16 UTC 2021


Hi Marvin

To the best of my recollection, I used DSAPP to create the
certificates and concatenated the Intermediates as well, from Sectigo.

The Server is called mobility.cwise. The certificate is
gwweb_cwise_co_nz

I set up a DNS record of gwweb.cwise.co.nz to find the server
(203.109.245.77) 

For example on GMS I have users going to https://gwweb.cwise.co.nz:447
and it works fine. (I use 447 because 443 is still being used on the OES
Server for Webaccess)

In Docker, I use port 446 for 443.

GW Web works fine, except for the certificate errors. I copied and
renamed the gwweb certificate and key to server.crt and key and
referenced it in the Docker command line. But still no joy.

For the moment the GW Web still works (you can Accept and Continue),
but the GW Admin fails and cannot be accessed.

You can see what I mean if you try and access it with
https://gwweb.cwise.co.nz:9710/gwadmin-console

Cheers

Craig


>>> "Marvin Huffaker" <mhuffaker at redjuju.com> 15/09/2021 09:09 >>>
Craig, I don't use firefox so I don't know about that issue. But for
GWWEB...

For The GroupWise Web issue you may need to ensure your intermediate
certificate is included in the chain.. docker seems to really dumb
things down and that's one thing I hate, I feel like I've lost control
of things. But at the same time, there's only a few ways to screw it
up.

The thing is, each device determines how strictly it enforces things..
So while your current config may work on some things it won't on other
devices that enforce stricter requirements.

What is the URL to your gwweb? I could look at it and give a better
diagnosis.

Incomplete Certificate Chain

Your certificate chain will most likely be incomplete because there is
no directive in the command line to load an Intermediate or Chain
certificate. To overcome this obstacle, you concatenate the certificate
file and the intermediate certificate file into the same server.crt
certificate. The following command will accomplish this task:

    cat My_CA_Bundle.ca-bundle >> /opt/novell/gw/certs/server.crt

Note: Substitute the actual intermediate or chain certificate from your
commercial certificate provider in place of the bundle file listed in
the syntax.

>>> "Craig Meads" <craigm at cwise.co.nz> 9/14/2021 12:55 AM >>>
Hi there

I see my Firefox has updated itself on Windows 10 to version 92.

Now if I want to access GW-Admin 
(https://192.168.10.1:9710/gwadmin-console) I get the lovely screen as
below:


Secure Connection Failed

An error occurred during a connection to 192.168.10.1:9710. SSL peer
had some unspecified issue with the certificate it received.

Error code: SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT

The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Learn more…

You can no longer choose to press ahead and ignore this anymore.

Does anyone know how to get around this, as it is only a matter of time
before Firefox on SLES and Chrome on Windows also do this?

I also have not been able to get GW Web to operate successfully using a
commercial certificate yet. Mobility on IOS 13 and above works good, but
putting the certificate and key in a separate folder and renaming to
server.crt and server.key, and referencing them in the Docker command,
just seems to be ignored by Chrome on my test Android device.

Cheers

Craig


