Configure TLSv1.2 settings on the Sametime®
System Console.
About this task
Improve the security of your Sametime deployment by
enabling servers to communicate with TLSv1.2.
Procedure
-
On the Sametime System Console, enable TLSv1.2 for the specified SSL configurations as follows:
-
Log in to the WebSphere® Integrated Solutions
Console as the WebSphere administrator.
-
In the navigation list, click .
-
In the "Related Items" section, click SSL Configurations.
-
Click the link that represents the SSL configuration that you will update to use TLSv1.2.
-
On the configuration page, look in the "Additional Properties" section and click
Quality of Protection (QoP) Settings.
-
In the Protocol field, select TLSv1.2.
-
Click Apply and then click Save to update the
master configuration.
-
Modify the ssl.client.props file for the System Console deployment manager
to specify TLSv1.2.
-
On the server, locate the ssl.client.props file.
This file is stored in the following location:
/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/properties
-
Edit the file and change the
com.ibm.ssl.protocol
setting to
TLSv1.2
.
com.ibm.ssl.protocol=TLSv1.2
-
Save and close the file.
-
Stop the deployment manager by running the stopManager.sh (AIX®, Linux™) or stopManager.bat (Windows™) script.
For example, on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/ STSCDMgrProfile/bin/stopManager.sh –username wasadmin –password password
-
Start the deployment manager by running the startManager.sh (AIX, Linux) or startManager.bat (Windows) script.
For example, on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/ STSCDMgrProfile/bin/startManager.sh
-
Stop the STConsoleServer application server by running the stopServer.sh (AIX, Linux) or stopServer.bat (Windows) script.
For example, on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/STSCAppProfile/bin/stopServer.sh STConsoleServer –username wasadmin –password password
-
Stop the STConsoleServer node agent by running the stopNode.sh (AIX, Linux) or stopNode.bat (Windows) script.
For example, on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/STSCAppProfile/bin/stopNode.sh –username wasadmin –password password
-
Modify the ssl.client.props file for the System Console application server
to specify TLSv1.2.
-
On the server, locate the ssl.client.props file.
This file is stored in the following location:
/IBM/WebSphere/AppServer/profiles/profile_name/properties
-
Edit the file and change the
com.ibm.ssl.protocol
setting to
TLSv1.2
.
com.ibm.ssl.protocol=TLSv1.2
-
Save and close the file.
-
Sync the STConsoleServer node with the deployment manager by running the
syncNode.sh (AIX, Linux) or syncNode.bat (Windows) script.
For example, on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/STSCAppProfile/bin/syncNode.sh SSC_Host_Name 8703 –username wasadmin –password password
-
Start the STConsoleServer node agent by running the startNode.sh (AIX, Linux) or startNode.bat (Windows) script.
For example, on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/STSCAppProfile/bin/startNode.sh
-
Start the STConsoleServer application server by running the startServer.sh (AIX, Linux) or startServer.bat (Windows) script.
For example, on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/STSCAppProfile/bin/startServer.sh STConsoleServer
-
Log in to the WebSphere Integrated Solutions
Console as the WebSphere administrator.
-
Click
-
On the Application servers page, verify that the Sametime System Console (STConsoleServer) is reachable and is in a started state.