Home
Deploying
IBM® Sametime® consists of a variety of servers and clients, and can be deployed to suit many different environments. The deployment instructions are organized by feature set, beginning with the minimum components that are necessary to support instant messaging, and then expanding the deployment to include features such as audio and video support, and conferencing.
Deploying an instant messaging gateway for external communities
Clients in a local IBM® Sametime® community can communicate with users in other communities through the Sametime Gateway.
Configuring TLS/SSL for Sametime® Gateway
Transport Layer Security (TLS) and Secure Sockets Later (SSL) provide encrypted SIP communications between Sametime® Gateway Server and the external instant messaging communities such as AOL®, Office Communications Server, and Sametime communities, but only if the other Sametime community requires SSL. TLS/SSL also provides encrypted XMPP communications for XMPP communities. The TLS/SSL protocols allow Sametime messages to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. Use these steps to set up SSL with a certificate signed by a Certificate Authority and exchange trusted certificates with external communities.
Setting up SSL on a cluster
These procedures describe how to set up Secure Sockets Layer (SSL) on a cluster of Sametime® Gateway Servers.
Purchasing a certificate from a Certificate Authority
Purchase a Certificate Authority-signed certificate for secure Connections betweenSametime® Gateway Server and other instant messaging providers.

Purchasing a certificate from a Certificate Authority

Purchase a Certificate Authority-signed certificate for secure Connections betweenSametime® Gateway Server and other instant messaging providers.

About this task

The CA certificate installed on Sametime Gateway Server must conform to RFC 3280 certificate standards. The CA certificate can be a root certificate or an intermediary certificate. When requesting a certificate, check with the vendor to make sure that the certificate supports both TLS Web Server Authentication and TLS Web Client Authentication. Some certificate authorities provide certificates that support server authentication only or client authentication only. Certificates must include both server and client authentication EKU flags. Thawte certificates meet these standards. It is your responsibility to make sure that the certificate supports both.

Procedure

Review the list of Certificate Authorities recognized by AOL and XMPP.
For more information, see List of supported Certificate Authorities.
Purchase a certificate that supports both client and server authentication.