Configure TLSv1.2 settings on the Sametime®
Conference Manager and Sametime SIP Proxy/Registrar servers.
About this task
Improve the security of your Sametime deployment by
enabling servers to communicate with TLSv1.2.
Procedure
Complete this task for every Conference Manager and every SIP Proxy/Registrar in the
deployment.
- Enable TLSv1.2 for the NodeDefaultSSLSettings SSL configuration as follows:
  - On the Sametime System Console, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
  - In the navigation list, click .
  - In the "Related Items" section, click SSL Configurations.
  - Click the NodeDefaultSSLSettings link.
  - On the configuration page, look in the "Additional Properties" section and click Quality of Protection (QoP) Settings.
  - In the Protocol field, select TLSv1.2.
  - Click Apply and then click Save to update the master configuration.
- Stop the STMediaServer application server by running the stopServer.sh (AIX®, Linux™) or stopServer.bat (Windows™) script.
  For example, on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/stopServer.sh STMediaServer -username wasadmin -password password
- Stop the STMedia node agent by running the stopNode.sh (AIX, Linux) or stopNode.bat (Windows) script.
  For example, on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/stopNode.sh -username wasadmin -password password
- Modify the ssl.client.props file to specify TLSv1.2.
  - On the server, locate the ssl.client.props file. This file is stored in the following location:
    $AppServer/profiles/STMSAppProfile/properties/ssl.client.props
  - Edit the file and change the com.ibm.ssl.protocol setting to TLSv1.2.
    com.ibm.ssl.protocol=TLSv1.2
  - Save and close the file.
- Sync the STMediaServer node with the deployment manager by running the syncNode.sh (AIX, Linux) or syncNode.bat (Windows) script.
  For example, on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/syncNode.sh SSC_Host_Name 8703 -username wasadmin -password password
- Start the STMedia node agent by running the startNode.sh (AIX, Linux) or startNode.bat (Windows) script.
  For example, on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/startNode.sh
- Start the STMedia application server by running the startServer.sh (AIX, Linux) or startServer.bat (Windows) script.
  For example, on Linux:
  sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/startServer.sh STMediaServer
- On the Sametime System Console, log in to the WebSphere Integrated Solutions Console as the WebSphere administrator.
- Click
- Remember to complete this task for every Sametime Conference Manager and every Sametime SIP Proxy/Registrar in the deployment.
What to do next
On the Application servers page, verify that all of the Conference
Manager servers and SIP Proxy/Registrar servers are reachable and in a started state.
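
As an added example (not part of the IBM procedure and not IBM-supplied code), the following script performs the ssl.client.props edit from the procedure with a backup, then confirms that every active com.ibm.ssl.protocol line reads TLSv1.2. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not IBM-supplied code. Function names are hypothetical.

# Print each active (uncommented) com.ibm.ssl.protocol value, one per line.
# Prints every occurrence, in case the file defines the setting more than once.
get_ssl_protocols() {
    sed -n 's/^[[:space:]]*com\.ibm\.ssl\.protocol[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Return 0 only if the setting is present and every occurrence is TLSv1.2.
check_tls12() {
    protos=$(get_ssl_protocols "$1") || return 2
    [ -n "$protos" ] || return 2
    bad=$(printf '%s\n' "$protos" | grep -vx 'TLSv1\.2' || true)
    [ -z "$bad" ]
}

# Back up the file, rewrite every active protocol line, then re-check it.
set_tls12() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*com\.ibm\.ssl\.protocol[[:space:]]*=\).*$/\1TLSv1.2/' "$file" > "$tmp" &&
        cat "$tmp" > "$file"    # overwrite in place: keeps owner and mode
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && check_tls12 "$file"
}

# Demo on a constructed sample file (not copied from a real server).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'com.ibm.ssl.alias=DefaultSSLSettings' \
        'com.ibm.ssl.protocol=SSL_TLS' \
        '#com.ibm.ssl.protocol=SSL' > "$d/ssl.client.props"
    set_tls12 "$d/ssl.client.props" && get_ssl_protocols "$d/ssl.client.props"
    drc=$?
    rm -rf "$d"
    return "$drc"
}
demo
```

To use it on a server, call set_tls12 with the path to the profile's ssl.client.props while the application server and node agent are stopped; the previous contents are kept beside it as ssl.client.props.bak.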