Configuring the Gateway servers to use SSL

Apply the new SSL definition to the IBM® Sametime® Gateway servers.

Before you begin

Expected state: the deployment manager and all node agents in the cluster are started.

About this task

For additional information about default paths, see Directory conventions.

Procedure

  1. In the Integrated Solutions Console, click Security > SSL certificate and key management > Manage endpoint security configurations.
  2. Expand the Inbound node on the local topology tree.
    1. Expand cell with Gateway server.
    2. Expand nodes.
    3. Expand node with Gateway server.
    4. Expand servers.
  3. Select Gateway server from the tree.
  4. On the configuration panel, select Override inherited values.
  5. Select the SSL configuration that you defined from the SSL configuration list.
  6. Click Update certificate alias list.
  7. Select your certificate alias from the Certificate alias in key store list.
  8. Click Apply.
  9. Repeat the preceding steps on the Outbound node of the local topology tree.
  10. Synchronize your changes to all nodes in the cluster. Click System Administration > Nodes.
  11. Select all nodes in the cluster, then click Full Resynchronize.
  12. Modify the ssl.client.props file for the SIP proxy server to specify TLSv1.2.
    1. On the server, locate the ssl.client.props file.

      This file is stored in the following location: profile_root\properties

    2. Edit the file and change the com.ibm.ssl.protocol setting to TLSv1.2.
      com.ibm.ssl.protocol=TLSv1.2
    3. Save and close the file.
    4. Restart the node agent.
    5. Restart the server.
    6. Repeat this step on all SIP proxy server nodes.
  13. Open a command window.
  14. In the command window, stop the deployment manager and wait for the command to finish; then restart the deployment manager.

    To stop and then restart the deployment manager, navigate to the profile_root\bin directory and use the following commands:

    AIX® and Linux™

    ./stopManager.sh -username username -password password
    ./startManager.sh

    Windows™

    stopManager.bat -username username -password password
    startManager.bat
  15. Restart the node agents.
    1. Log in to the Integrated Solutions Console (http://localhost:9060/ibm/console) on the deployment manager node.
    2. Click System Administration > Node agents.
    3. Select all node agents, and then click Restart.
  16. Click Servers > Clusters.
  17. Select the Sametime Gateway Server cluster, click Stop, and then wait for the cluster to stop.
  18. Click Servers > Clusters.
  19. Select the Sametime Gateway Server cluster, and click Start.
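
Step 12 has to be repeated by hand on every SIP proxy server node, so a scripted check of each ssl.client.props is useful on AIX and Linux nodes. The following is an added example, not IBM-supplied code; the function names and the sample file contents are constructed for illustration, and it assumes the file follows Java properties rules (last definition of a key wins).

```shell
#!/bin/sh
# Added example (not IBM code): audit or fix com.ibm.ssl.protocol in ssl.client.props.
KEY=com.ibm.ssl.protocol

# Print the effective value of $KEY in properties file $1. Comment lines (# or !)
# are skipped, so a commented-out TLSv1.2 line does not count; "=" or ":" is
# accepted as separator; the last definition wins (assumed Java properties rules).
effective_protocol() {
    awk -v key="$KEY" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/\r$/, "", line)
            if (!match(line, /[ \t]*[=:][ \t]*/)) next
            if (substr(line, 1, RSTART - 1) == key) { v = substr(line, RSTART + RLENGTH); found = 1 }
        }
        END { if (found) print v }
    ' "$1"
}

# Succeed only if file $1 sets the protocol to $2 (default TLSv1.2).
check_protocol() {
    [ "$(effective_protocol "$1")" = "${2:-TLSv1.2}" ]
}

# Set the protocol in file $1: keep a .bak copy, leave exactly one active definition.
set_protocol() {
    file=$1; want=${2:-TLSv1.2}
    if check_protocol "$file" "$want"; then return 0; fi
    cp -p "$file" "$file.bak" || return 1
    awk -v key="$KEY" -v want="$want" '
        { probe = $0; sub(/^[ \t]+/, "", probe) }
        index(probe, key) == 1 && substr(probe, length(key) + 1) ~ /^[ \t]*[=:]/ {
            if (!done) print key "=" want; done = 1; next
        }
        { print }
        END { if (!done) print key "=" want }
    ' "$file.bak" > "$file"
}

# Constructed sample file for trying the functions; not copied from a real profile.
write_sample() {
    printf '%s\n' '# constructed sample' 'com.ibm.ssl.alias=DefaultSSLSettings' \
        '#com.ibm.ssl.protocol=TLSv1.2' 'com.ibm.ssl.protocol = SSL_TLS' > "$1"
}

# Usage: sh check_tls.sh profile_root/properties/ssl.client.props ...
for f in "$@"; do
    if check_protocol "$f"; then echo "OK       $f"; else echo "MISMATCH $f ($(effective_protocol "$f"))"; fi
done
```

After set_protocol changes a file, the node agent and server restarts in step 12 are still required for the new value to take effect.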