Defining the new SSL configuration for a cluster

Complete these steps to create a new SSL configuration for a cluster of IBM® Sametime® Gateway Servers.

About this task

Secure Sockets Layer (SSL) configurations contain the attributes that you need for controlling the behavior of client and server SSL endpoints. Create a single SSL configuration to be used on the inbound and outbound trees in the configuration topology for the application servers.

Procedure

  1. Ensure that the deployment manager and node agents are started, and the servers are stopped.
  2. Define the SSL configuration as follows:
    1. In the Integrated Solutions Console, click Security > SSL certificate and key management > SSL Configurations.
    2. Click New to display the SSL configuration panel.
    3. Type a name in the Name field for your SSL configuration.
    4. In the Trust store name list, replace the default CellDefaultKeyStore value with CellDefaultTrustStore. The truststore name refers to a specific truststore that holds the signer certificates used to validate the trust of certificates sent by remote connections during an SSL handshake.
    5. Select the keystore that you created from the Keystore name list. A keystore contains the personal certificates that represent a signer identity and the private key that WebSphere® Application Server uses to encrypt and sign data.
    6. Click Get certificate aliases.
    7. Select your certificate alias as the default server certificate alias.
    8. Select your certificate alias as the default client certificate alias.
    9. Click Apply, and then click Save to update the master configuration.
  3. Update the configuration to use TLS version 1.2 as follows:
    1. In the navigation list, click Security > SSL certificate and key management.
    2. In the "Related Items" section, click SSL Configurations.
    3. Click the link that represents the new SSL configuration.
    4. On the configuration page, look in the "Additional Properties" section and click Quality of Protection (QoP) Settings.
    5. Set the protocol to TLSv1.2.
    6. Click Apply and then click Save to update the master configuration.
  4. Click System Administration > Cell > Custom Properties, and then click New. Complete these steps:
    1. In the Name field, enter gateway.xmpp.SSLConfiguration.
    2. In the Value field, enter the name of the SSL configuration you created in step 3 of this procedure.
    3. Click OK.
    4. Click New.
    5. In the Name field, enter com.ibm.sametime.gateway.vp.ssl.config.name.
    6. In the Value field, enter the name of the SSL configuration you created in step 3.
    7. Click Apply and then click Save to update the master configuration.
  5. Synchronize your changes to all nodes in the cluster. Click System Administration > Nodes.
  6. Select all nodes in the cluster, then click Full Resynchronize.
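
A post-change check for the settings made in this procedure, added here as an example and not IBM's own code: it reads the cell's saved configuration and reports a trust store left at the default, a protocol other than TLSv1.2, or a cell custom property that does not name the SSL configuration. It assumes security.xml and cell.xml use the element and attribute layout shown in the constructed samples; the names STGatewaySSL and STGatewayKeyStore are hypothetical.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"
# The two cell custom properties from step 4 of the procedure.
CELL_PROPS = ("gateway.xmpp.SSLConfiguration",
              "com.ibm.sametime.gateway.vp.ssl.config.name")

def audit(security_xml, cell_xml, alias):
    """Return findings for SSL configuration `alias`; an empty list means all checks pass."""
    sec, cell = ET.fromstring(security_xml), ET.fromstring(cell_xml)
    # Keystores are referenced by xmi:id, so map ids back to names (assumed layout).
    stores = {k.get(XMI_ID): k.get("name") for k in sec.iter("keyStores")}
    findings = []
    rep = next((r for r in sec.iter("repertoire") if r.get("alias") == alias), None)
    setting = rep.find("setting") if rep is not None else None
    if setting is None:
        findings.append("SSL configuration %r not found" % alias)
    else:
        proto = setting.get("sslProtocol")
        if proto != "TLSv1.2":  # step 3: Quality of Protection protocol
            findings.append("protocol is %s, expected TLSv1.2" % proto)
        trust = stores.get(setting.get("trustStore"))
        if trust != "CellDefaultTrustStore":  # step 2, substep 4
            findings.append("trust store is %s, expected CellDefaultTrustStore" % trust)
    props = {p.get("name"): p.get("value") for p in cell.iter("properties")}
    for name in CELL_PROPS:
        if props.get(name) != alias:
            findings.append("cell property %s is %r, expected %r" % (name, props.get(name), alias))
    return findings

# Constructed, simplified samples (not real exports): default trust store kept,
# protocol not raised to TLSv1.2, and one property value mistyped.
SECURITY_XML = """<Security xmlns:xmi="http://www.omg.org/XMI">
  <repertoire xmi:id="SSLConfig_9" alias="STGatewaySSL">
    <setting sslProtocol="SSL_TLS" keyStore="KeyStore_3" trustStore="KeyStore_1"/>
  </repertoire>
  <keyStores xmi:id="KeyStore_1" name="CellDefaultKeyStore"/>
  <keyStores xmi:id="KeyStore_2" name="CellDefaultTrustStore"/>
  <keyStores xmi:id="KeyStore_3" name="STGatewayKeyStore"/>
</Security>"""
CELL_XML = """<Cell>
  <properties name="gateway.xmpp.SSLConfiguration" value="STGatewaySSL"/>
  <properties name="com.ibm.sametime.gateway.vp.ssl.config.name" value="STGatewaysSL"/>
</Cell>"""

if __name__ == "__main__":
    for finding in audit(SECURITY_XML, CELL_XML, "STGatewaySSL"):
        print("FINDING:", finding)
```

Run it against the files on the deployment manager after saving, and again on each node after the full resynchronize, to confirm every node carries the same settings.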