Encrypting the UserInfo servlet

If your IBM® Sametime® deployment uses SSL encryption when communicating with the LDAP server, you can additionally choose to encrypt the UserInfo servlet. For IBM Sametime 9.0 HF1, these settings are deprecated. They are only used if no trust store is set in the TLS configuration page.

Before you begin

You must have created a keystore .jks file on the IBM Sametime Community Server, which stores a copy of the IBM Domino® server's SSL certificate.

About this task

This configuration is necessary to enable the Business Card feature when you have chosen to encrypt all data transmitted between the Sametime server and the LDAP server, where the Business Card data is stored. For more information about TLS, see the topic Setting up TLS Configuration.

Procedure

  1. Open a command prompt and navigate to the following directory:
    • IBM AIX®, Linux™: the Sametime server's data directory
    • Windows™: the Sametime server's installation directory
  2. Open the UserInfoConfig.xml file in an editor and make the following changes:
    1. Locate the <ReadStConfigUpdates> tag and set it to value="true". If this statement is not in the file, you do not need to add it.

      The statement should look like this:

      <ReadStConfigUpdates value="true"/>
    2. Locate the <StorageDetails> tag and set the following values:
      SslEnabled="true" 
      SslPort="636"

      Use the value of the port that your LDAP server listens on for SSL communications (the default is port 636).

    3. In the <SslProperties> tag, set the following values:
      <SslProperties KeyStorePath="D:\IBM\Lotus\Domino\jvm\bin\key.jks_OR_stkeys.jks"
             KeyStorePassword="mypwd"/>       

      Where:

      • KeyStorePath indicates the path where the keystore database is stored.

        On Windows, the file is named stkeys.jks; on AIX and Linux, the file is named keys.jks.

      • KeyStorePassword indicates the password you created for accessing the keystore database.
  3. Save and close the file.
  4. Restart the Sametime Community Server.
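
A way to confirm that the edits in step 2 were applied before restarting, as an added example (not IBM's code): it parses the content of UserInfoConfig.xml and reports each of the three tags that still carries a non-SSL or empty value. The sample XML is constructed; the <UserInfoSample> wrapper and the function name check_userinfo_ssl are assumptions, and only the tags and attributes named in the procedure are checked.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real server file. Only the three tags and the
# attributes named in the procedure come from the page; the <UserInfoSample>
# wrapper is a hypothetical stand-in for the rest of the file.
SAMPLE = r"""<UserInfoSample>
  <ReadStConfigUpdates value="false"/>
  <StorageDetails SslEnabled="false" SslPort="636"/>
  <SslProperties KeyStorePath="" KeyStorePassword=""/>
</UserInfoSample>"""


def check_userinfo_ssl(xml_text):
    """Return a list of findings; an empty list means step 2 was applied."""
    root = ET.fromstring(xml_text)
    findings = []

    # Step 2.1: the tag is optional, but when present it must be "true".
    rsu = next(root.iter("ReadStConfigUpdates"), None)
    if rsu is not None and rsu.get("value") != "true":
        findings.append('ReadStConfigUpdates value is not "true"')

    # Step 2.2: LDAP lookups must use SSL on a valid port.
    sd = next(root.iter("StorageDetails"), None)
    if sd is None:
        findings.append("StorageDetails tag not found")
    else:
        if sd.get("SslEnabled") != "true":
            findings.append('StorageDetails SslEnabled is not "true"')
        port = sd.get("SslPort", "")
        if not (port.isdecimal() and 0 < int(port) < 65536):
            findings.append("StorageDetails SslPort is not a valid port")

    # Step 2.3: both keystore attributes must be filled in.
    sp = next(root.iter("SslProperties"), None)
    if sp is None:
        findings.append("SslProperties tag not found")
    else:
        if not sp.get("KeyStorePath", "").lower().endswith(".jks"):
            findings.append("SslProperties KeyStorePath does not name a .jks file")
        if not sp.get("KeyStorePassword"):
            findings.append("SslProperties KeyStorePassword is empty")
    return findings


if __name__ == "__main__":
    for finding in check_userinfo_ssl(SAMPLE):
        print("FINDING:", finding)
```

Because KeyStorePassword is written into the file as shown in step 2.3, keep read access to UserInfoConfig.xml limited to the account that runs the server.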