Defining the new SSL configuration for a cluster
Complete these steps to create a new SSL configuration for a cluster of IBM® Sametime® Gateway Servers.
About this task
Secure Sockets Layer (SSL) configurations contain the attributes that you need for controlling the behavior of client and server SSL endpoints. Create a single SSL configuration to be used on the inbound and outbound trees in the configuration topology for the application servers.
Procedure
- Ensure that the deployment manager and node agents are started, and the servers are stopped.
-
Define the SSL configuration as follows:
- In the Integrated Solutions Console, click .
- Click New to display the SSL configuration panel.
- Type a name in the Name field for your SSL configuration.
- In the Trust store name list, replace the default CellDefaultKeyStore value with CellDefaultTrustStore. The truststore name refers to a specific truststore that holds signer certificates that validate the trust of certificates sent by remote Connections during an SSL handshake.
- Select the keystore that you created from the Keystore name list. A keystore contains the personal certificates that represent a signer identity and the private key that WebSphere® Application Server uses to encrypt and sign data.
- Click Get certificate aliases.
- Select your certificate alias as the default server certificate alias.
- Select your certificate alias as the default client certificate alias.
- Click Apply, and then click Save to update the master configuration.
-
Update the configuration to use TLS version 1.2 as follows:
- In the navigation list, click .
- In the "Related Items" section, click SSL Configurations.
- Click the link that represents the new SSL configuration.
- On the configuration page, look in the "Additional Properties" section and click Quality of Protection (QoP) Settings.
- Set the protocol to TLSv1.2.
- Click Apply and then click Save to update the master configuration.
-
Click New. Complete these steps:
, and then click
- In the Name field, enter gateway.xmpp.SSLConfiguration.
- In the Value field, enter the name of the SSL configuration you created in step 3 of this procedure.
- Click OK.
- Click New.
- In the Name field, enter com.ibm.sametime.gateway.vp.ssl.config.name.
- In the Value field, enter the name of the SSL configuration you created in step 3.
- Click Apply and then click Save to update the master configuration.
- Synchronize your changes to all nodes in the cluster. Click .
- Select all nodes in the cluster, then click Full Resynchronize.