Enabling TLSv1.2 for Sametime Base Meeting Server
Configure TLSv1.2 settings on the Sametime® Base Meeting Server.
About this task
Improve the security of your Sametime deployment by enabling servers to communicate with TLSv1.2.
Procedure
- On the Sametime System Console, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
- Click Security > SSL certificate and key management > SSL configurations.
- Enable TLS for the NodeDefaultSSLSettings SSL configuration:
  - Select the NodeDefaultSSLSettings configuration.
    For example: (cell):SSCHostnameSSCCell:(node):STMHostnameSTMNode
  - In the "Additional Properties" section, click Quality of Protection (QoP) setting.
  - Change the Protocol setting to TLSv1.2.
  - Click OK.
  - Update the master configuration by clicking Save in the "Messages" box at the beginning of the page.
  - Repeat this step for every NodeDefaultSSLSettings SSL configuration that belongs to the Sametime Base Meeting Server.
- Stop the STMeetingServer application server by opening a command window and running the stopServer.bat (Windows™) or stopServer.sh (AIX®, Linux™) script.
  For example on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/stopServer.sh STMeetingServer -username wasadmin -password password
- Stop the STMeetingServer node agent by running the stopNode.bat (Windows) or stopNode.sh (AIX, Linux) script.
  For example on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/stopNode.sh -username wasadmin -password password
- Modify the ssl.client.props file to ensure that the server can communicate with the System Console using TLSv1.2.
  - On the server, open the $AppServer/profiles/STMAppProfile/properties/ssl.client.props file.
  - Edit the file and change the com.ibm.ssl.protocol setting to TLSv1.2:
    com.ibm.ssl.protocol=TLSv1.2
  - Save and close the file.
- Sync the node with the deployment manager by running the syncNode.bat (Windows) or syncNode.sh (AIX, Linux) script.
  For example on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/syncNode.sh SSC_Host_Name 8703 -username wasadmin -password password
  If you encounter problems when syncing the nodes, verify that TLSv1.2 was properly enabled on the server. If you still see problems, restart the server and sync again.
- Start the STMeetingServer node agent by running the startNode.bat (Windows) or startNode.sh (AIX, Linux) script.
  For example on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/startNode.sh
- Start the STMeetingServer application server by opening a command window and running the startServer.bat (Windows) or startServer.sh (AIX, Linux) script.
  For example on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/startServer.sh STMeetingServer
- Open a browser and navigate to the Sametime System Console and verify that all Sametime Base Meeting Servers can be accessed and are in a started state.
  You can navigate to the Sametime System Console with the following URL:
  https://SSC_Host_Name:8701/ibm/console
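
The ssl.client.props step and the sync troubleshooting note in this procedure both depend on com.ibm.ssl.protocol really being TLSv1.2 in the file. The shell check below is an added example, not part of the IBM procedure; the function names and the sample file contents are constructed for illustration, and it assumes Java properties syntax.

```shell
#!/bin/sh
# Added example (not IBM tooling): audit com.ibm.ssl.protocol in ssl.client.props.

# Print every active (uncommented) com.ibm.ssl.protocol value, one per line.
# Assumes Java properties syntax: '#' or '!' opens a comment line and the
# key/value separator is '=' or ':'. CR characters from Windows edits are dropped.
active_protocols() {
    tr -d '\r' < "$1" |
        sed -n 's/^[[:space:]]*com\.ibm\.ssl\.protocol[[:space:]]*[=:][[:space:]]*//p' |
        sed 's/[[:space:]]*$//'
}

# Exit status: 0 = every active value is TLSv1.2, 1 = some other protocol is
# still active, 2 = file unreadable or the property is not set at all.
check_tls12() {
    [ -r "$1" ] || { echo "UNREADABLE: $1" >&2; return 2; }
    values=$(active_protocols "$1")
    [ -n "$values" ] || { echo "MISSING: com.ibm.ssl.protocol not set in $1" >&2; return 2; }
    bad=$(printf '%s\n' "$values" | grep -vx 'TLSv1\.2' || true)
    if [ -n "$bad" ]; then
        echo "MISMATCH: $1 still has: $(echo "$bad" | tr '\n' ' ')" >&2
        return 1
    fi
    echo "OK: $1 uses TLSv1.2"
}

# Constructed sample: the old value is commented out and the new one is active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#com.ibm.ssl.protocol=SSL_TLS
com.ibm.ssl.alias=DefaultSSLSettings
com.ibm.ssl.protocol = TLSv1.2
EOF
check_tls12 "$sample"
rm -f "$sample"
```

On a real node, call check_tls12 with the path to the profile's properties/ssl.client.props file before running syncNode.sh; a non-zero status means the edit did not take effect.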