Updating the Sametime Meeting Server TLS Certificates

This section provides information on updating the Sametime Meeting Server certificates.

About this task

The Sametime Meeting Server is pre-configured with a self-signed certificate. Use these instructions to replace the self-signed certificate with a third party certificate.

Kubernetes

Follow these steps if you are running the Meeting Server in Kubernetes.

Obtain the certificate(s) and private key. Then, run the following commands to configure the ingress to use them.

  1. For KEY_FILE specify the private key file and for CERT_FILE specify the certificate(s) file.
    kubectl -n ingress-nginx delete secret ingress-tls-cert
    export CERT_NAME=ingress-tls-cert
    export KEY_FILE=privkey.pem
    export CERT_FILE=fullchain.pem
    kubectl -n ingress-nginx create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
    kubectl patch deployment nginx-ingress-controller -n ingress-nginx --patch "$(cat kubernetes/ingress/nginx-tls-patch.yaml)"
  2. Restart the ingress controller:
    kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=0
    kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=1

Procedure for Docker

Follow these steps if you are running the Meeting Server in Docker.

  1. Docker compose down.
  2. Replace the cert and key files in <install dir>./jitsi-config/web/keys/cert.crt and cert.key with the correct key and crt file.
  3. Docker compose up -d.
    Note: These changes will be lost if you delete or remove the jitsi-config folder which may be required in other steps.