Configuring TLS/SSL for Sametime Gateway

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) provide encrypted SIP communications between Sametime® Gateway Server and external instant messaging communities such as AOL®, Office Communications Server, and other Sametime communities (for a Sametime community, only if that community requires SSL). TLS/SSL also provides encrypted XMPP communications for XMPP communities. These protocols let Sametime messages cross a network in a way designed to prevent eavesdropping, tampering, and message forgery. Use these steps to set up SSL with a certificate signed by a Certificate Authority (CA) and to exchange trusted certificates with external communities.

About this task

Messages that flow between Sametime Gateway Server and AOL or Office Communications Server always require a TLS/SSL connection. Sametime and XMPP communities may or may not require a TLS/SSL connection, depending on whether the external community requires a CA-signed certificate.

This section provides steps for a single Sametime Gateway Server or a cluster of Sametime Gateway Servers. In addition, it provides the steps needed to set up SSL on a Sametime 6.5.1 or later server in an external community. You can provide these steps as a courtesy to an external community or refer them to the Sametime documentation.

SSL can encrypt sensitive information for SIP and XMPP communications, and provides authenticity and data signing to ensure a secure connection between the local Sametime Gateway Server community and an external instant messaging community. The foundation technology for SSL is public key cryptography, which ensures that data an entity encrypts with its private key can be decrypted only with the corresponding public key.
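The step "exchange trusted certificates with external communities" comes down to each side placing the other side's CA certificate in its trust store. The following shell script is an added illustration, not part of the Sametime documentation or product: it uses the standard openssl command line to create two constructed CAs (one for the local community, one for an external community), issues a server certificate from each, and shows that the external community's certificate verifies only after that community's CA certificate has been added to the local trust bundle. The CA names, host names and file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Sametime's own tooling): why CA certificates must be
# exchanged between communities before a CA-signed peer certificate verifies.
set -eu

# Scratch directory for keys and certificates (constructed, throwaway material).
WORK="${WORK:-$(mktemp -d)}"

# make_ca NAME: create a self-signed CA key and certificate for community NAME.
make_ca() {
  name="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/$name-ca.key" -out "$WORK/$name-ca.crt" \
    -subj "/CN=$name community CA" >/dev/null 2>&1
}

# issue_cert CA HOST: generate a server key and CSR for HOST and sign it with CA.
issue_cert() {
  ca="$1"; host="$2"
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$WORK/$host.key" -out "$WORK/$host.csr" \
    -subj "/CN=$host" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/$host.csr" -days 30 \
    -CA "$WORK/$ca-ca.crt" -CAkey "$WORK/$ca-ca.key" -CAcreateserial \
    -out "$WORK/$host.crt" >/dev/null 2>&1
}

# verify_with_trust TRUST_BUNDLE HOST: succeed (exit 0) only if HOST's
# certificate chains to a CA present in TRUST_BUNDLE.
verify_with_trust() {
  openssl verify -CAfile "$1" "$WORK/$2.crt" >/dev/null 2>&1
}

# Two communities, each with its own CA and its own gateway certificate
# (all names are constructed for this example).
make_ca local
make_ca external
issue_cert local gateway.local.example
issue_cert external sip.external.example

# Trust bundle before the exchange: only the local CA is trusted.
cp "$WORK/local-ca.crt" "$WORK/local-only.pem"

# Trust bundle after the exchange: the external community's CA has been added.
cat "$WORK/local-ca.crt" "$WORK/external-ca.crt" > "$WORK/local-plus-external.pem"

# Demonstrate the effect of the exchange.
for host in gateway.local.example sip.external.example; do
  if verify_with_trust "$WORK/local-only.pem" "$host"; then
    echo "before exchange: $host verifies"
  else
    echo "before exchange: $host does NOT verify (issuing CA not trusted)"
  fi
  if verify_with_trust "$WORK/local-plus-external.pem" "$host"; then
    echo "after exchange:  $host verifies"
  else
    echo "after exchange:  $host does NOT verify"
  fi
done
```

Run it as `sh exchange-demo.sh`; the external community's certificate is rejected against the local-only bundle and accepted once the external CA certificate is part of the trust bundle, which is exactly the state the exchange of trusted certificates is meant to reach on both sides.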

SSL is required for connections to the following communities:

  • External community using AOL Instant Messenger™
  • External community using Office Communications Server
  • AOL clearinghouse community

SSL can be configured between the Sametime Gateway Server and the local Sametime community, even though the connection uses the Virtual Places (VP) protocol over TCP and includes built-in encryption.