Joeri Klaassen | 0 | 0 | Blog

Use a wildcard certificate with GroupWise Mobility Service

The GroupWise Mobility Service works out of the box with a self-signed certificate, but this certificate is not always picked up that well by mobile devices. We installed a wildcard godaddy certificate, read here how I did it.

(tested with a godaddy  certificate which was imported to eDirectory. And tested with a Comodo certificate in P12 format)

Create an export of the public key and the private key in iManager. The file created is a .pfx file.

The Comodo certificate was in P12 format, but the actions stay the same.

Copy the file to the linux server and run the following commands:

Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

This removes the passphrase from the private key so Apache won’t
prompt you for your passphase when it starts
openssl rsa -in key.pem -out server.key

Concatenate the certificates:

cat server.key >> cert.pem

Create a backup of:

/var/lib/datasync/device/mobility.pem

and

/var/lib/datasync/webadmin/server.pem

and run the following commands:

cp cert.pem /var/lib/datasync/webadmin/server.pem

cp cert.pem /var/lib/datasync/device/mobility.pem

For mobile devices create a .cert file via:

openssl x509 -in mobility.pem -inform PEM -out mobility.cer -outform DER

and place the mobility.cer file next to the mobility.pem file in the /var/lib/datasync/device/ directory

Restart the datasync server:

rcdatasync restart

Test:

Go to https://<url of the datasync-server> and check if the certificate is active.