Securing the Sametime Proxy server
About this task
You can replace the self-signed certificate with a third-party certificate by updating the Connector stanza in server.xml with your new keystore and password.
For more information on how to create a new keystore, follow the steps in How to create a new Java Keystore with a Third Party certificate for Sametime Proxy 11.
Update the default self-signed certificates
Procedure
- Go to the folder that contains the extracted Sametime proxy application files and locate the server.xml file in the conf subfolder.
- Open the file using a text or XML editor.
- Locate the keystoreFile and keystorePass settings in the file.
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/stproxy.keystore" keystorePass="sametime" clientAuth="false" sslProtocol="TLS"/>
- Update the keystoreFile and keystorePass values to match the newly provided keystore and save the file.
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/stproxy.keystore" keystorePass="sametime" clientAuth="false" sslProtocol="TLS"/>
- Restart the Sametime Proxy server and validate.
Disabling Early TLS
Procedure
- Go to the folder that contains the extracted Sametime proxy application files and locate the server.xml file in the conf subfolder.
- Open the file using a text or XML editor.
- Add sslProtocolEnabled="TLSv1.2" to the Connector statement in the file and save the file.
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/stproxy.keystore" keystorePass="sametime" clientAuth="false" sslProtocol="TLS" sslProtocolEnabled="TLSv1.2"/>
  Do not modify the sslProtocol setting.
- Restart the Sametime Proxy server and validate.
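One way to support the "validate" step of both procedures, as an added example that is not part of the product documentation: the script parses server.xml and reports TLS connectors that still carry the keystore password shown on this page or that lack the sslProtocolEnabled setting. The function name `audit_connectors`, the sample XML and the decision to treat the password `sametime` as a finding are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASS = "sametime"  # keystorePass shown in the server.xml stanza on this page

# Constructed sample: one untouched connector, one updated as the procedures describe.
# The Service name, second keystore path and second password are made up.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="conf/stproxy.keystore" keystorePass="sametime"
             clientAuth="false" sslProtocol="TLS"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="conf/thirdparty.keystore" keystorePass="example-not-default"
             clientAuth="false" sslProtocol="TLS" sslProtocolEnabled="TLSv1.2"/>
</Service></Server>"""


def audit_connectors(xml_text):
    """Return (port, finding) tuples for every TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, out of scope for this check
        port = conn.get("port", "?")
        if not conn.get("keystoreFile"):
            findings.append((port, "no keystoreFile set"))
        if conn.get("keystorePass") == DEFAULT_PASS:
            findings.append((port, "keystorePass is still the shipped default"))
        enabled = conn.get("sslProtocolEnabled")
        if enabled is None:
            findings.append((port, "sslProtocolEnabled missing"))
        elif enabled != "TLSv1.2":
            findings.append((port, f"sslProtocolEnabled is {enabled!r}, expected 'TLSv1.2'"))
        if conn.get("sslProtocol") != "TLS":
            findings.append((port, "sslProtocol modified; the procedure leaves it as TLS"))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the path to conf/server.xml, or run without arguments to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for port, finding in audit_connectors(text):
        print(f"port {port}: {finding}")
```

Because the keystore password sits in server.xml in clear text, restrict read access on that file to the account that runs the Sametime Proxy server.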