Welcome to the HCL Sametime® 11.6 administration documentation
- Accessibility features for Sametime
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. HCL® strives to provide products with usable access for everyone.
- What's new in HCL Sametime
  This section describes what's new in HCL Sametime® 11.6 and Sametime® Meetings 11.6.
- Checklist to deploy Sametime
  This section provides information on reviewing the checklist to deploy the Sametime clients.
- Encryption usage in Sametime
  HCL® Sametime® uses several types of encryption to protect data.
- Planning
  This section describes the system requirements and server configurations needed for HCL Sametime 11.6.
- Installing
  This section provides information on installing and configuring the servers for HCL Sametime 11.6.
- Configuring
  This section provides information on configuring the servers for HCL Sametime 11.6.
- Securing
  This section provides information on securing HCL Sametime 11.6 environments.
  - Installing GSKit on Microsoft Windows
    To install GSKit on Microsoft Windows, follow the steps:
  - Installing GSKit on Linux
    To install GSKit on Linux, follow the steps:
  - Securing connections
    - Choosing the TLS Configuration Scope
    - Securing connections between Sametime Community and Sametime clients
    - Securing Server to Server Connections
    - Securing connections between Sametime Community and LDAP
      When Sametime is configured to connect to an LDAP server, the Sametime Community Server makes five separate connections to the LDAP server.
    - Securing the Sametime Proxy server
      - How to create a new Java Keystore with a Third Party certificate
      - Enabling TLS on the Sametime Proxy server
  - Enabling Single Sign-on
    The HCL Sametime Community server uses the Domino server web server security features. By default the Sametime server installer configures single sign-on (SSO) for Domino.
  - Configuring the Sametime Proxy server for SAML authentication
    The Sametime Community server supports multiple authentication methods such as using a name and password, and Security Assertion Markup Language (SAML).
  - Enable Security in MongoDB
    To enable MongoDB securing, edit the mongod.conf file setting authorization: enabled.
  - Enabling TLS for the Mongo database
    You can update the MongoDB connection with the Sametime Community server to encrypt data flowing between the Sametime server and a TLS enabled MongoDB.
  - Updating the Sametime Meeting Server TLS Certificates
    This section provides information on updating the Sametime Meeting Server certificates.
  - Applying Let's Encrypt certificates on the Meeting server
- Administering
  This section provides information on administering HCL Sametime 11.6 environments.
- Uninstalling Sametime
  In the event that Sametime must be uninstalled, follow these steps to uninstall the Community, Proxy, and Meetings servers.
- Troubleshooting
  Troubleshooting and Support
- Migrating and Upgrading
  This section provides information on migrating and upgrading from an earlier Sametime release.
- Notices

Securing the Sametime Proxy server

About this task

You can replace the self-signed certificate with a third party certificate by updating the stanza with your new keystore and password.

For more information on how to create a new keystore, follow the steps in How to create a new Java Keystore with a Third Party certificate for Sametime Proxy 11.

Update the default self-signed certificates

Procedure

Go to the folder that contains the extracted Sametime proxy application files and locate the server.xml file located in the conf subfolder.
Open the file using a text or XML editor.

Locate the keystoreFile and keystorePass settings in the file.

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/stproxy.keystore" keystorePass="sametime" clientAuth="false" sslProtocol="TLS"/>

Update the keystoreFile and keystorePass values to match the newly provided keystore and save the file.

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/stproxy.keystore" keystorePass="sametime" clientAuth="false" sslProtocol="TLS"/>

Restart the Sametime Proxy server and validate.

Disabling Early TLS

Procedure

Go to the folder that contains the extracted Sametime proxy application files and locate the server.xml file located in the conf subfolder.
Open the file using a text or XML editor.

Add sslProtocolEnabled="TLSv1.2" to the Connector statement in the file and save the file.

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/stproxy.keystore" keystorePass="sametime" clientAuth="false" sslProtocol="TLS" sslProtocolEnabled="TLSv1.2"/>

Do not modify the sslProtocol setting.

Restart the Sametime Proxy server and validate.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.