|
Home > Archive > Netware Webserver > May 2006 > Certificates for GroupWise GWIA
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Certificates for GroupWise GWIA
|
|
| John Jakus 2006-05-29, 4:57 pm |
| I need to know what I'm doing wrong. I thought I had a good certificate
assigned to the GWIA. Problem is when I make iMAP connections using SSL,
I get the following error:
Unable to verify the identity of SERVERNAME.DOMAIN.COM as a trusted site.
Possible reasons for this error:
The browser does rcognize the Certifiate Authority that issued the
site's certificate.
The site's certificate is incomplete due to a server mis ..
Bla Bla Bla
How can I check that the certiificate is valid so I can use it from all
devices including a motorola RAZR for iMAP with SSL.
Thanks,
John Jakus
| |
| Jim Michael 2006-05-29, 4:57 pm |
| John Jakus wrote:
> Unable to verify the identity of SERVERNAME.DOMAIN.COM as a trusted site.
>
> Possible reasons for this error:
>
> The browser does rcognize the Certifiate Authority that issued the
> site's certificate.
>
> The site's certificate is incomplete due to a server mis ..
>
> Bla Bla Bla
>
> How can I check that the certiificate is valid so I can use it from all
> devices including a motorola RAZR for iMAP with SSL.
Was this a self-signed certificate, or one you purchased from Verisign,
Thawte, etc? It looks like your device will only accept certs signed by
CAs it knows about, which means anything self-signed (eg, generated by
Novell certificate server) will not work. You'll have to purchase a real
certificate and install it.
--
Jim
NSC SYsop
| |
| Jim Michael 2006-05-29, 4:57 pm |
| John Jakus wrote:
> That's too bad :-(
Yep. Note that this is an issue with your specific device, not GWIA. I
have a self-signed cert on my GWIA and *my* IMAP client has no troubles
with it at all.
--
Jim
NSC SYsop
| |
| John Jakus 2006-05-29, 4:57 pm |
| That's too bad :-(
Cheers,
John Jakus
Jim Michael wrote:
> John Jakus wrote:
>
>
> Was this a self-signed certificate, or one you purchased from Verisign,
> Thawte, etc? It looks like your device will only accept certs signed by
> CAs it knows about, which means anything self-signed (eg, generated by
> Novell certificate server) will not work. You'll have to purchase a real
> certificate and install it.
>
| |
| John Jakus 2006-05-29, 4:57 pm |
| I understand because Windows will allow you to add new trusted
certificates. The device won't. Now some devices like the Treo will
allow you to automatically accept unknown certificates.
Looks like Verisign wants $700 for a certificate and $1800 for a true
128 bit. I would only need a standard certificate correct? Also I could
get away with just buying one for the GWIA and using the regular Novell
certificates for everything else.
Forgive any ignorance. I never really studied certificates in detail. I
get them working and don't go any further:-)
Cheers,
John Jakus
Jim Michael wrote:
> John Jakus wrote:
>
> Yep. Note that this is an issue with your specific device, not GWIA. I
> have a self-signed cert on my GWIA and *my* IMAP client has no troubles
> with it at all.
>
>
| |
| Jim Michael 2006-05-29, 4:57 pm |
| John Jakus wrote:
> I understand because Windows will allow you to add new trusted
> certificates. The device won't. Now some devices like the Treo will
> allow you to automatically accept unknown certificates.
Yep.
> Looks like Verisign wants $700 for a certificate and $1800 for a true
> 128 bit. I would only need a standard certificate correct? Also I could
> get away with just buying one for the GWIA and using the regular Novell
> certificates for everything else.
I'm not sure what how Verisign differentiates a "standard" cert from
"true 128 bit", but it sounds like marketing hogwash to me. If a cert is
128bit, it's 128bit (and no one is selling 40 bit certs anymore).
That said, I would ditch verisign and go with a nice wildcard cert from
Digicert (www.digicert.com) You can get a standard (128bit) cert for
$99, or better yet, for half the price of Verisign you can get a
"wildcard" cert for your domain (*.yourdomain.com). This is what we do,
and Digi allows you to put it on an *unlimited* number of servers. So
for $450 you get one cert that will work on any servers you want it to.
--
Jim
NSC SYsop
| |
| John Jakus 2006-05-29, 4:57 pm |
| Jim Michael wrote:
> John Jakus wrote:
>
>
> Yep.
>
>
> I'm not sure what how Verisign differentiates a "standard" cert from
> "true 128 bit", but it sounds like marketing hogwash to me. If a cert is
> 128bit, it's 128bit (and no one is selling 40 bit certs anymore).
>
> That said, I would ditch verisign and go with a nice wildcard cert from
> Digicert (www.digicert.com) You can get a standard (128bit) cert for
> $99, or better yet, for half the price of Verisign you can get a
> "wildcard" cert for your domain (*.yourdomain.com). This is what we do,
> and Digi allows you to put it on an *unlimited* number of servers. So
> for $450 you get one cert that will work on any servers you want it to.
>
>
Thanks!
|
|
|
|
|