Enabling ports for TLS for a Sametime Media Manager
Edit settings in the stavconfig.xml file to specify secure ports for TLS encryption. Do this only if all users are running IBM Sametime clients V8.5.1 or later; older clients cannot connect to the V9.x Media Manager.
Before you begin
Make a note of the values you need to transfer to stavconfig.xml from the Sametime® SIP/Proxy Registrar, Conference Manager, and Video Manager servers. Open the WebSphere® Application Server Integrated Solutions Console for each server and click .
Find the values for a non-clustered or clustered environment.
- SIP/Proxy Registrar
  SIP_ProxyRegHOST/SIP_ProxyRegSECURE
- Conference Manager
  SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port
- Video Manager
  SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port
Clustered environment
- SIP/Proxy Registrar
  SIP_ProxyRegHOST/SIP_ProxyRegSECURE
  (Clustered node) WebSphere Application Server proxy host
  (Clustered node) WebSphere Application Server proxy secure port
- Conference Manager
  SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port
  (Clustered node) WebSphere Application Server proxy host
  (Clustered node) WebSphere Application Server proxy secure port
- Video Manager
  SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port
About this task
The default settings in the stavconfig.xml file specify secure ports. If you have modified this file to use TCP, then it must be modified again for use with TLS encryption. Edit the stavconfig.xml files on the Conference Manager by changing the non-secure ports to secure ports. This file is not used by the SIP Proxy/Registrar.
Follow these steps to update the stavconfig.xml file for every instance of the Media Manager components. When multiple profiles are installed on the same computer, each profile uses its own copy of the file and requires the updates.
Procedure
Results
Communications will now take place over the secure ports. If you later switch back to (nonencrypted) TCP or UDP transport protocol, you must change the port settings back to their original values. For SIP transport, you should use either TLS or TCP transport protocols.