Configuring the SIP proxy server to use SSL

Apply the new SSL definition to the SIP proxy server.

Before you begin

Expected state: the deployment manager and all node agents in the cluster are started.

About this task

For additional information about default paths, see Directory conventions.

Procedure

  1. In the Integrated Solutions Console, click Security > SSL certificate and key management > Manage endpoint security configurations..
  2. Expand the Inbound node on the local topology tree.
    1. Expand cell with sip proxy.
    2. Expand nodes.
    3. Expand node with sip proxy.
    4. Expand servers.
  3. Select sip proxy server from the tree.
  4. On the configuration panel, select Override inherited values.
  5. Select the SSL configuration that you defined from the SSL configuration list.
  6. Click Update certificate alias list.
  7. Select your certificate alias from the Certificate alias in key store list.
  8. Click Apply.
  9. Repeat the preceding steps on the Outbound node of the local topology tree.
  10. Change the SSL configuration on the SIP proxy server:
    1. Click Servers > Proxy Servers > name of your SIP proxy server > SIP Proxy Server Settings > SIP proxy server transports > SIPS PROXY CHAIN > SSL inbound channel (SSL_4).
    2. In the "SSL Configuration" section, select Centrally Managed.
    3. Click OK, and then Save.
  11. Synchronize your changes to all nodes in the cluster. Click System Administration > Nodes.
  12. Select all nodes in the cluster, then click Full Resynchronize.
  13. Open a command window.
  14. In the command window, stop the deployment manager and wait for the command to finish, and then restart the deployment manager. Use the user name and password that you provided when you enabled administrative security to stop the deployment manager. Open a command window and navigate to the profile_root\bin directory and use the following commands:

    AIX® and Linux™.

    ./stopManager.sh -username username -password password
./startManager.sh

    Windows™

    stopManager.bat -username username -password password
startManager.bat
  15. Restart the node agents.
    1. Log into the Integrated Solutions Console (http://localhost:9060/ibm/console) on the deployment manager node.
    2. Click System Administration > Node agents .
    3. Select all node agents, and then click Restart.
  16. Modify the ssl.client.props file for the SIP proxy server to specify TLSv1.2.
    1. On the server, locate the ssl.client.props file.

      This file is stored in the following location: profile_root\properties

    2. Edit the file and change the com.ibm.ssl.protocol setting to TLSv1.2. 
      com.ibm.ssl.protocol=TLSv1.2
    3. Save and close the file.
    4. Restart the node agent.
    5. Restart the server.
    6. Repeat this step on all SIP proxy server nodes.
  17. Click Servers > Clusters.
  18. Select the Sametime® Gateway Server cluster, and click Stop, and wait for the cluster to stop.
  19. Click Servers > Clusters.
  20. Select the Sametime Gateway Server cluster, and click Start.
  21. Click Servers > Proxy servers.
  22. Select the SIP proxy server and click Start.

What to do next

Now you can exchange signer certificates with other server communities.