Home
Deploying
IBM® Sametime® consists of a variety of servers and clients, and can be deployed to suit many different environments. The deployment instructions are organized by feature set, beginning with the minimum components that are necessary to support instant messaging, and then expanding the deployment to include features such as audio and video support, and conferencing.
Deploying instant messaging
Instant messaging features are provided primarily by the IBM® Sametime® Community Server, which supports presence, text chats, and two-way phone calls.
Securing the Sametime® Community Server
The IBM® Sametime® server uses the Internet and intranet security features of the Domino® server on which it is installed to authenticate web browser users who access Domino databases on the server.
Configuring Sametime® Community Server to use SSL encryption
Configure IBM® Sametime® Community Server to use SSL (Secure Socket Layer) for its services; and configure HTTPS when communicating with Web clients or enable LDAPS (LDAP over SSL) with the LDAP server.
Enabling encryption between a Sametime® Community Server and the LDAP server
Configure SSL encryption between an IBM® Sametime® Community Server and an LDAP server by enabling the LDAPS protocol.
Setting up a keystore for the SSL certificate used by the LDAP server
Install the GSKit program and the IBM® IKeyMan utility so you can store a copy of the LDAP server's SSL certificate. On IBM i, Sametime® Community Server comes with the IKeyMan utility already installed, but you must install DCM software instead; the instructions are in this section.
Installing and setting up Digital Certificate Manager on IBM® i
Install and set up the DCM (Digital Certificate Manager) program on an IBM® i server hosting IBM Sametime®, and ensure that Sametime trusts the LDAP server's SSL certificate.
Ensuring that the LDAP client trusts the LDAP server's certificate
Ensure that the IBM® i LDAP client trusts the SSL certificate used by the LDAP server with which it communicates.

Ensuring that the LDAP client trusts the LDAP server's certificate

Ensure that the IBM® i LDAP client trusts the SSL certificate used by the LDAP server with which it communicates.

About this task

IBM Sametime® for IBM i uses the LDAP client included with the IBM Directory Server that is installed as part of the IBM i operating system. Enable the LDAP client to trust the LDAP server by importing the server's SSL certificate into the store on the client (the IBM i server) and then adding the Certificate Authority to the trust list.

Procedure

Use the DCM (Digital Certificate Manager) program to determine whether the CA Certificate that signed the LDAP directory server's certificate is already included in the DCM *SYSTEM certificate store.
Well-known public Internet Certificate Authorities (CA) that most web browsers can recognize readily, such as VeriSign, are already included in the DCM. If the appropriate CA is included in the certificate store, you have finished this task; skip the remaining steps.
If the CA used by your LDAP server's certificate does not appear in the DCM *SYSTEM certificate store, import it now by completing the remaining steps in this procedure.
Import the LDAP directory server's certificate into the DCM *SYSTEM certificate store.
Use DCM to add the CA Certificate to the trust list of the IBM Directory Server LDAP client application.
The application ID is QIBM_GLD_DIRSRV_CLIENT.