[ngw] Firefox 92
craigm at cwise.co.nz
Wed Sep 15 02:57:02 UTC 2021
Thanks for looking. I'm sorry, I don't really understand what you are
saying though. Groupwise Mobility is working fine. It is the GW Web
(Docker) that has the certificate issue.
Plus now with the new Firefox, I cannot, nor can my clients, access
their Groupwise Admin console anymore, except via a Linux Chrome or
Firefox which hasn't updated to V91 or 92 yet.
>>> "David Krotil" <David.Krotil at hilo.cz> 15/09/2021 13:43 >>>
I looked on your GMS Admin Console and your CA is GroupWise there, not
Sectigo. Sync interface has proper certificate in place.
mobility.pem and server.pem should be same files ( certificates ),
server.pem is fine, mobility.pem should be replaced with server.pem
Review steps with https://support.microfocus.com/kb/doc.php?id=7006904
Obsah tohoto e-mailu a všechny připojené soubory jsou důvěrné a mohou
být chráněny zákonem. Tento e-mail je určen výhradně jeho adresátovi
a jiné osoby do něj nejsou oprávněny nahlížet či s ním jakkoliv
nakládat, jinak se dopustí protiprávního jednání. V případě, že
nejste adresátem tohoto e-mailu, prosíme o jeho vymazání a o podání
The content of this e-mail and any attached files are confidential and
may be legally privileged. It is intended solely for the addressee.
Access to this e-mail by anyone else is unauthorized. If you are not
intended recipient, any disclosure, copying, distribution or any
taken or omitted to be taken in reliance on it, is prohibited and may
unlawful. In this case be so kind and delete this e-mail and inform us
>>> "Craig Meads" <craigm at cwise.co.nz> 15.09.2021 2:12 >>>
To the best of my recollection, I used DSAPP to to create the
certificates and concatenated the Intermediates as well, from Sectigo.
The Server is called mobility.cwise. The certificate is
I set up a DNS record of gwweb.cwise.co.nz to find the server
For example on GMS I have users going to https://gwweb.cwise.co.nz:447
and it works fine. (I use 447 because 443 is still being used on the
Server for Webaccess)
In Docker, I use port 446 for 443.
GW Web works fine, except for the certificate errors. I copied and
renamed the gwweb certificate and key to server.crt and key and
referenced it in the Docker command line. But still no joy.
For the moment the GW Web still works (you can Accept and Continue),
but the GW Admin fails and cannot be accessed.
You can see what I mean if you try and access it with
>>> "Marvin Huffaker" <mhuffaker at redjuju.com> 15/09/2021 09:09 >>>
Craig, I don't use firefox so I don't know about that issue. But for
For The GroupWise Web issue you may need to ensure your intermediate
certificate is included in the chain.. docker seems to really dumb
things down and that's one thing I hate, I feel like I've lost control
of things. But at the same time, there's only a few ways to screw it
The thing is, each device determines how strictly it enforces things..
So while your current config may work on some things it won't on other
devices that enforce stricter requirements.
What is the URL to your gwweb? I could look at it and give a better
Incomplete Certificate Chain
Your certificate chain will most likely be incomplete because there is
no directive in the command line to load an Intermediate or Chain
certificate. To overcome this obstacle, you concatenate the
file and the intermediate certificate file into the same server.crt
certificate. The following command will accomplish this task:
cat My_CA_Bundle.ca-bundle >> /opt/novell/gw/certs/server.crt
Note: Substitute the actual intermediate or chain certificate from
commercial certificate provider in place of the
bundle file listed in
>>> "Craig Meads" <craigm at cwise.co.nz> 9/14/2021 12:55 AM >>>
I see my Firefox has updated itself on Windows 10 to version 92.
Now if I want to access GW-Admin
(https://192.168.10.1:9710/gwadmin-console) I get the lovely screen as
Secure Connection Failed
An error occurred during a connection to 192.168.10.1:9710. SSL peer
had some unspecified issue with the certificate it received.
Error code: SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT
The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the website owners to inform them of this
You can no longer choose to press ahead and ignore this anymore.
Does anyone know how to get around this, as it is only a matter of
before Firefox on SLES and Chrome on Windows also do this?
I also have not been able to get GW Web to operate successfully using
commercial certificate yet. Mobility on IOS 13 and above works good,
putting the certificate and key in a separate folder and renaming to
server.crt and server.key, and refencing them in the Docker command,
just seems to be ignored by Chrome on my test Android device.
ngw mailing list
ngw at ngwlist.com
More information about the ngw