[ngw] Firefox 92

David Krotil David.Krotil at hilo.cz
Wed Sep 15 01:43:31 UTC 2021

Hi Craig,
I looked on your GMS Admin Console and your CA is GroupWise there, not
Sectigo. Sync interface has proper certificate in place. 

mobility.pem and server.pem should be same files ( certificates ),
server.pem is fine, mobility.pem should be replaced with server.pem

Review steps with https://support.microfocus.com/kb/doc.php?id=7006904


Obsah tohoto e-mailu a všechny připojené soubory jsou důvěrné a mohou
být chráněny zákonem. Tento e-mail je určen výhradně jeho adresátovi
a jiné osoby do něj nejsou oprávněny nahlížet či s ním jakkoliv
nakládat, jinak se dopustí protiprávního jednání. V případě, že
nejste adresátem tohoto e-mailu, prosíme o jeho vymazání a o podání
e-mailové zprávy. 

The content of this e-mail and any attached files are confidential and
may be legally privileged. It is intended solely for the addressee.
Access to this e-mail by anyone else is unauthorized. If you are not the
intended recipient, any disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on it, is prohibited and may be
unlawful. In this case be so kind and delete this e-mail and inform us
about it.

>>> "Craig Meads" <craigm at cwise.co.nz> 15.09.2021 2:12 >>>
Hi Marvin

To the best of my recollection, I used DSAPP to to create the
certificates and concatenated the Intermediates as well, from Sectigo.

The Server is called mobility.cwise. The certificate is

I set up a DNS record of gwweb.cwise.co.nz to find the server

For example on GMS I have users going to https://gwweb.cwise.co.nz:447

and it works fine. (I use 447 because 443 is still being used on the
Server for Webaccess)

In Docker, I use port 446 for 443.

GW Web works fine, except for the certificate errors. I copied and
renamed the gwweb certificate and key to server.crt and key and
referenced it in the Docker command line. But still no joy.

For the moment the GW Web still works (you can Accept and Continue),
but the GW Admin fails and cannot be accessed.

You can see what I mean if you try and access it with



>>> "Marvin Huffaker" <mhuffaker at redjuju.com> 15/09/2021 09:09 >>>
Craig, I don't use firefox so I don't know about that issue. But for

For The GroupWise Web issue you may need to ensure your intermediate
certificate is included in the chain..   docker seems to really dumb
things down and that's one thing I hate, I feel like I've lost control
of things. But at the same time, there's only a few ways to screw it

The thing is, each device determines how strictly it enforces things..
So while your current config may work on some things it won't on other
devices that enforce stricter requirements.

What is the URL to your gwweb? I could look at it and give a better

Incomplete Certificate Chain
Your certificate chain will most likely be incomplete because there is
no directive in the command line to load an Intermediate or Chain
certificate. To overcome this obstacle, you concatenate the
file and the intermediate certificate file into the same server.crt
certificate. The following command will accomplish this task:
cat My_CA_Bundle.ca-bundle >> /opt/novell/gw/certs/server.crt
Note: Substitute the actual intermediate or chain certificate from
commercial certificate provider in place of the bundle file listed in
the syntax.
>>> "Craig Meads" <craigm at cwise.co.nz> 9/14/2021 12:55 AM >>>
Hi there

I see my Firefox has updated itself on Windows 10 to version 92.

Now if I want to access GW-Admin 
( I get the lovely screen as

Secure Connection Failed

An error occurred during a connection to SSL peer
had some unspecified issue with the certificate it received.


	The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
	Please contact the website owners to inform them of this

Learn more…

You can no longer choose to press ahead and ignore this anymore.

Does anyone know how to get around this, as it is only a matter of
before Firefox on SLES and Chrome on Windows also do this?

I also have not been able to get GW Web to operate successfully using
commercial certificate yet. Mobility on IOS 13 and above works good,
putting the certificate and key in a separate folder and renaming to
server.crt and server.key, and refencing them in the Docker command,
just seems to be ignored by Chrome on my test Android device.



More information about the ngw mailing list