Configuring the SIP proxy server to use SSL
Apply the new SSL definition to the SIP proxy server.
Before you begin
About this task
Procedure
- In the Integrated Solutions Console, click Security > SSL certificate and key management > Manage endpoint security configurations..
- Expand the Inbound node on the local
topology tree.
- Expand cell with sip proxy.
- Expand nodes.
- Expand node with sip proxy.
- Expand servers.
- Select sip proxy server from the tree.
- On the configuration panel, select Override inherited values.
- Select the SSL configuration that you defined from the SSL configuration list.
- Click Update certificate alias list.
- Select your certificate alias from the Certificate alias in key store list.
- Click Apply.
- Repeat the preceding steps on the Outbound node of the local topology tree.
- Change the SSL configuration on the SIP proxy server:
- Click Servers > Proxy Servers > name of your SIP proxy server > SIP Proxy Server Settings > SIP proxy server transports > SIPS PROXY CHAIN > SSL inbound channel (SSL_4).
- In the "SSL Configuration" section, select Centrally Managed.
- Click OK, and then Save.
- Synchronize your changes to all nodes in the cluster. Click System Administration > Nodes.
- Select all nodes in the cluster, then click Full Resynchronize.
- Open a command window.
- In the command window, stop the deployment manager and
wait for the command to finish, and then restart the deployment manager.
Use the user name and password that you provided when you enabled
administrative security to stop the deployment manager. Open a command
window and navigate to the
profile_root\bin
directory and use the following commands:AIX® and Linux™.
./stopManager.sh -username username -password password ./startManager.sh
Windows™
stopManager.bat -username username -password password startManager.bat
- Restart the node agents.
- Log into the Integrated Solutions Console (http://localhost:9060/ibm/console) on the deployment manager node.
- Click System Administration > Node agents .
- Select all node agents, and then click Restart.
-
Modify the ssl.client.props file for the SIP proxy server to specify
TLSv1.2.
-
On the server, locate the ssl.client.props file.
This file is stored in the following location: profile_root\properties
-
Edit the file and change the
com.ibm.ssl.protocol
setting toTLSv1.2
.com.ibm.ssl.protocol=TLSv1.2
- Save and close the file.
- Restart the node agent.
- Restart the server.
- Repeat this step on all SIP proxy server nodes.
-
On the server, locate the ssl.client.props file.
- Click Servers > Clusters.
- Select the Sametime® Gateway Server cluster, and click Stop, and wait for the cluster to stop.
- Click Servers > Clusters.
- Select the Sametime Gateway Server cluster, and click Start.
- Click Servers > Proxy servers.
- Select the SIP proxy server and click Start.