I have a GroupWise 7 Mail server running on VMWare ESX 6.0. It works perfectly, but cannot use Web access outside of the office. It works fine in the office, but outside it complains that it's not secure and refuses to connect.
This isn't an easy one, and I have grave doubts if it's possible,, but I ask anyhow. I host my Domain in Canada. xxxxxxxxx.com
Years ago, because of the spam we were being flooded with spam, I asked my hosting company to create a sub-domain, office.xxxxxxxx.com
I asked my Hosting provider if they could supply a Let's encrypt certificate and they told me to go ahead, but you'll have to manually renew it every 90 days. They can't make it automatic.
I'm not prepared to do this and I suspect, after seeing how certificates work, that I would still have to create one for mailserver.office.xxxxx.com.
Does anyone know if this is possible? I doubt many folks have any experience with GroupWise 7, (but it's never been hacked since it came out and Novell refused to put backdoors in for the alphabet agencies). I suspect that's why Novell no longer exists.
If there is an MX record that points to your system, then there is one simple way of obtaining a cert.
Using HTTP authentication, you can run an ACME client on port 80 to obtain a cert.
Me being of the paranoid type, I would NOT use a web server just for that; Instead, I'd run the ACME client in --standalone mode and have it answer the HTTP challenge requests (when needed).
Once the cert is in the system, then it's just a matter of getting GroupWise 7 to use it.
[which I assume you already have some "know how" on that part]
Hmm, my version of Tomcat on GW 7, is Tomcat 4, it isn't sounding promising.
I was at the original launch of NT when the CEO swore to destroy Novell within 2 years. It too them that long to actually get NT to sort of work, so they didn't achieve their goal.
The original Novell people were Mormons from Utah. They were uncomptomising about security, I trusted Novell. It was NEVER hacked online. Today, I stay away from Novell offshoots. There were too many M$ people involved in getting rid of it with the full backing of others and I don't touch SuSE. eDirectory or NDS, which was the main part of Novell, now only works on M$ Windows. Doesn't that tell you something?
I wont ever recommend anything other than keeping an OS and it's subordinate modules current. Getting a certificate from LetsEncrypt can secure a connection but the underlying OS and modules are still vulnerable to attacks. IE:
Netware (which was ditched after 2012) in favor of SLES server
Actually Netware was probably the best part of the Novell Sweet.
Please don't obtain a Let's encrypt certificate and hang it on an outdated and obsolete OS and mail server. You are likely to regret it.
Before someone flags my post I have to say I was certified as a Novell and SLES system administrator from 2003 to 2016. Security is paramount. If your system gets hosed LE is NOT responsible.
I am not trying to tell you how to run your system. I am advising you to do the research and the right thing. Take actions that will be effective to improve your security. You are responsible. No one else.
Anyone reading this thread without experience may think it is OK to employ 16 year old technology. Novell itself will tell you to upgrade and secure your assets.
IMO using Microsoft is even more stupid and using an OS that Microsoft has it's paws into just the same.
Do you think it a coincidence that when M$ finally got rid of its only competitor (Novell), that eDirectory now ONLY runs on M$ servers?
Linux will never take over from M$ because despite it being more secure, normal IT users have a strong dislike of having of type long strings of commands to get anything done. when they can click on a pretty picture.
The Linux community, instead of trying to be competitive, moves further and further away from what IT admins want. A good example of this is the fact that Red Hat removed the nice GUI user admin that existed in release RH7, where you could easily create users and groups, with the rubbish GUI like the one in RH 8, FORCING admins to use the command line.
The other interesting thing I've noticed is that since creating the SSL Certificates, attempts to hack my servers have increased by a factor of 5.