How To Add An SSL Certificate To The GWAVA Server

  • Document ID:7020285
  • Creation Date:24-Apr-2014
  • Modified Date:18-Jul-2018
    • Micro Focus Products:
      GWAVA (Secure Messaging Gateway)

Environment

GWAVA 4 / 5 / 6

Situation

How do I add an SSL certificate to the GWAVA server?

Resolution

GWAVA requires that you have a key, and crt (certificate) file in order to use SSL for GWAVAMAN, QMS, or to use incoming, and outgoing messages with TLS. 

Tip: For ease, and convenience it is recommended to copy the .key, and crt files to the GWAVA server. Go to /opt/beginfinite/gwava and create a directory called certs. Place all the SSL files in this directory. This makes it easy to know where the SSL files are located, and to add in the path into the GWAVA configuration. It is also helpful if you need to contact support. 

1) You will need a .crt and a .key file.

You can use certificate files that are already in use in your system or you can create new ones.
If you need help creating these files follow the steps in the following article:

Generating A Certificate - SSL


2) Copy the certificate and key files to the GWAVA server.

The default location to place these files on the server is /opt/beginfinite/gwava/certs.
If this directory does not exist it can be created. It is not required to place the files in this location. They can be put in any folder as long as the path to the files is known.


3) Configure the path and password for the certificate

GWAVA 6:

Click on Server / Interface Management - [Server name] - Server management - Configure server


On the right enhance the 'SSL configuration' menu.

Add the exact path where the .crt and .key files are located in the 'SSL certificate file' and 'SSL key file' field and add the key password to 'SSL key password' if required.


Save the changes.

An intermediate certifcate can be added optionally by adding the SSL chain file and the chain certs directory that contains all files for the intermediate certificate.

The cipher list is also optional. A possible cipher list that could be used, which would disable insecure RC4 ciphers is: HIGH:!aNULL:!MD5:!RC4
For further information on cipher lists it is recommended to do further research on the syntax that can be used to exclude specific ciphers.

SSLv2 and SSLv3 are considered insecure and are disabled by default.


GWAVA 4 / 5:

Click on Server/Scanner Management - [Server name] - Server management - Configure server


On the right click 'Show Advanced Connectivity Settings'.

Add the exact path where the .crt and .key files are located in the 'SSL Cert. File' and 'SSL Key File' field and the key password to 'SSL Key Password' if required.


Save the changes.


4) Restart GWAVA

Have a look at these articles if you need help to restart GWAVA:

How To Restart GWAV On Linux

How To Restart GWAV On Windows

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 2280.