Configuring the Gateway servers to use SSL
Apply the new SSL definition to the IBM® Sametime® Gateway servers.
Before you begin
About this task
Procedure
- In the Integrated Solutions Console, click Security > SSL certificate and key management > Manage endpoint security configurations..
-
Expand the Inbound node on the local topology tree.
- Expand cell with Gateway server.
- Expand nodes.
- Expand node with Gateway server.
- Expand servers.
- Select Gateway server from the tree.
- On the configuration panel, select Override inherited values.
- Select the SSL configuration that you defined from the SSL configuration list.
- Click Update certificate alias list.
- Select your certificate alias from the Certificate alias in key store list.
- Click Apply.
- Repeat the preceding steps on the Outbound node of the local topology tree.
- Synchronize your changes to all nodes in the cluster. Click System Administration > Nodes.
- Select all nodes in the cluster, then click Full Resynchronize.
-
Modify the ssl.client.props file for the SIP proxy server to specify
TLSv1.2.
-
On the server, locate the ssl.client.props file.
This file is stored in the following location: profile_root\properties
-
Edit the file and change the
com.ibm.ssl.protocol
setting toTLSv1.2
.com.ibm.ssl.protocol=TLSv1.2
- Save and close the file.
- Restart the node agent.
- Restart the server.
- Repeat this step on all SIP proxy server nodes.
-
On the server, locate the ssl.client.props file.
- Open a command window.
-
In the command window, stop the deployment manager and wait for the command to finish; then
restart the deployment manager.
To stop the deployment manager, navigate to the
profile_root\bin
directory and use the following commands:AIX® and Linux™.
./stopManager.sh -username username -password password ./startManager.sh
Windows™
stopManager.bat -username username -password password startManager.bat
-
Restart the node agents.
- Log into the Integrated Solutions Console (http://localhost:9060/ibm/console) on the deployment manager node.
- Click System Administration > Node agents .
- Select all node agents, and then click Restart.
- Click Servers > Clusters.
- Select the Sametime Gateway Server cluster, and click Stop, and then wait for the cluster to stop.
- Click Servers > Clusters.
- Select the Sametime Gateway Server cluster, and click Start.