Complete these steps to create a new SSL configuration for the deployment manager and
node agents in a cluster of IBM®
Sametime® Gateway Servers.
About this task
Secure Sockets Layer (SSL) configurations contain the attributes that you need to control the
behavior of client and server SSL endpoints. Modify the default SSL configuration to be used on the
inbound and outbound trees in the configuration topology. The deployment manager and the node agents
will use the default SSL configuration, while the application servers will use a new SSL
configuration, which you will create in the next task.
Procedure
-
Ensure that the deployment manager and node agents are started, and the servers are
stopped.
-
Update the configuration to use TLS version 1.2 as follows:
-
In the Integrated Solutions Console, click .
-
Click CellDefaultSSLSettings.
-
On the configuration page, look in the "Additional Properties" section and click
Quality of Protection (QoP) Settings.
-
Set the protocol to TLSv1.2.
-
Click Apply and then click Save to update the
master configuration.
-
Repeat this step for all of the NodeDefaultSSLSettings SSL configurations listed.
-
Edit the security.xml file on every node that is federated to the deployment manager using the
following steps:
-
Open the profile_root\config\cells\DMGRCell\security.xml file for editing.
-
Locate the CellDefaultSSLSettings Quality of Protection (QoP) Settings and change the
sslProtocol value to TLSv1.2. For example:
<repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings" managementScope="ManagementScope_1">
<setting xmi:id="SecureSocketLayer_1" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="TLSv1.2" keyStore="KeyStore_1" trustStore="KeyStore_2" trustManager="TrustManager_2" keyManager="KeyManager_1">
-
Repeat step b for all of the NodeDefaultSSLSettings listed in the file. For example:
<repertoire xmi:id="SSLConfig_1386248717790" alias="NodeDefaultSSLSettings" managementScope="ManagementScope_1386248717790">
<setting xmi:id="SecureSocketLayer_1386248717790" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="TLSv1.2" keyStore="KeyStore_1386248717790" trustStore="KeyStore_2" trustManager="TrustManager_1386248717790" keyManager="KeyManager_1386248717790">
Repeat steps a-c for any node that is federated to the deployment manager.
-
Restart the deployment manager.
If the server fails to stop, then restart the operating system before starting the deployment
manager.
-
Restart all node agents.
If the node agents fail to stop, then restart the operating system before starting the node
agents.
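To confirm the security.xml edits on each node before restarting, the following check lists every CellDefaultSSLSettings and NodeDefaultSSLSettings entry whose sslProtocol is not TLSv1.2. It is an added example, not IBM-supplied code; the element and attribute names come from the excerpts above, and the embedded sample document and the script name are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

REQUIRED = "TLSv1.2"
DEFAULT_ALIASES = {"CellDefaultSSLSettings", "NodeDefaultSSLSettings"}
XMI_ID = "{http://www.omg.org/XMI}id"

# Constructed sample modelled on the excerpts above; not a real security.xml.
SAMPLE = """<security xmlns:xmi="http://www.omg.org/XMI">
  <repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings">
    <setting xmi:id="SecureSocketLayer_1" sslProtocol="TLSv1.2"/>
  </repertoire>
  <repertoire xmi:id="SSLConfig_2" alias="NodeDefaultSSLSettings">
    <setting xmi:id="SecureSocketLayer_2" sslProtocol="SSL_TLS"/>
  </repertoire>
  <repertoire xmi:id="SSLConfig_3" alias="NodeDefaultSSLSettings">
    <setting xmi:id="SecureSocketLayer_3" sslProtocol="TLSv1.2"/>
  </repertoire>
  <repertoire xmi:id="SSLConfig_4" alias="OtherSSLSettings">
    <setting xmi:id="SecureSocketLayer_4" sslProtocol="SSL_TLS"/>
  </repertoire>
</security>"""

def audit(xml_data):
    """Return (xmi:id, alias, sslProtocol) for each default SSL config not set to TLSv1.2."""
    findings = []
    root = ET.fromstring(xml_data)
    for rep in root.iter("repertoire"):
        alias = rep.get("alias")
        if alias not in DEFAULT_ALIASES:
            continue  # only the cell and node defaults are covered by this procedure
        setting = rep.find("setting")
        # A missing <setting> child or sslProtocol attribute is reported as None.
        protocol = setting.get("sslProtocol") if setting is not None else None
        if protocol != REQUIRED:
            findings.append((rep.get(XMI_ID), alias, protocol))
    return findings

if __name__ == "__main__":
    # Usage: python audit_ssl.py <path to security.xml>; with no argument the sample is checked.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    bad = audit(data)
    for xmi_id, alias, protocol in bad:
        print(f"{alias} ({xmi_id}): sslProtocol={protocol!r}, expected {REQUIRED}")
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one default SSL configuration in that file still needs the edit described in step b.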