Home
Welcome to the HCL Sametime® 11.6 administration documentation
Securing
This section provides information on securing HCL Sametime 11.6 environments.
Enabling TLS for the Mongo database
You can update the MongoDB connection with the Sametime Community server to encrypt data flowing between the Sametime server and a TLS enabled MongoDB.

Welcome to the HCL Sametime® 11.6 administration documentation
- Accessibility features for Sametime
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. HCL® strives to provide products with usable access for everyone.
- What's new in HCL Sametime
  This section describes what's new in HCL Sametime® 11.6 and Sametime® Meetings 11.6.
- Checklist to deploy Sametime
  This section provides information on reviewing the checklist to deploy the Sametime clients.
- Encryption usage in Sametime
  HCL® Sametime® uses several types of encryption to protect data.
- Planning
  This section describes the system requirements and server configurations needed for HCL Sametime 11.6.
- Installing
  This section provides information on installing and configuring the servers for HCL Sametime 11.6.
- Configuring
  This section provides information on configuring the servers for HCL Sametime 11.6.
- Securing
  This section provides information on securing HCL Sametime 11.6 environments.
  - Installing GSKit on Microsoft Windows
    To install GSKit on Microsoft Windows, follow the steps:
  - Installing GSKit on Linux
    To install GSKit on Linux, follow the steps:
  - Securing connections
  - Enabling Single Sign-on
    The HCL Sametime Community server uses the Domino server web server security features. By default the Sametime server installer configures single sign-on (SSO) for Domino.
  - Configuring the Sametime Proxy server for SAML authentication
    The Sametime Community server supports multiple authentication methods such as using a name and password, and Security Assertion Markup Language (SAML).
  - Enable Security in MongoDB
    To enable MongoDB securing, edit the mongod.conf file setting authorization: enabled.
  - Enabling TLS for the Mongo database
    You can update the MongoDB connection with the Sametime Community server to encrypt data flowing between the Sametime server and a TLS enabled MongoDB.
  - Updating the Sametime Meeting Server TLS Certificates
    This section provides information on updating the Sametime Meeting Server certificates.
  - Applying Let's Encrypt certificates on the Meeting server
- Administering
  This section provides information on administering HCL Sametime 11.6 environments.
- Uninstalling Sametime
  In the event that Sametime must be uninstalled, follow these steps to uninstall the Community, Proxy, and Meetings servers.
- Troubleshooting
  Troubleshooting and Support
- Migrating and Upgrading
  This section provides information on migrating and upgrading from an earlier Sametime release.
- Notices

Enabling TLS for the Mongo database

You can update the MongoDB connection with the Sametime Community server to encrypt data flowing between the Sametime server and a TLS enabled MongoDB.

Before you begin

You must have a TLS enabled MongoDB server. For details, refer to the topic Configure mongod and mongos for TLS/SSL in the MongoDB documentation.

About this task

During Sametime Meeting installation, the chatlogging.ini file is created to contain MongoDB server connection information. The connection configuration information within the chatlogging.ini file must be modified to include parameters necessary to establish a secure connection.

The Sametime administrator can specify a custom connection URL to the MongoDB server. The CL_MONGO_URL configuration parameter can be set with a MongoDB server URL which includes the required settings for the Sametime server to establish a secure connection to the MongoDB server. After adding the CL_MONGO_URL configuration parameter to the chatlogging.ini file, the default setting is overridden by the settings contained within the URL string.

If a self-signed certificate is being used, the certificate must be added to the Sametime certificate store.

Procedure

Open the chatlogging.ini file which is in the HCL Notes data directory .
Update or add the CL_MONGO_URL configuration parameter.
This parameter is used to override existing configuration settings specified during installation. If changes were made post installation, this parameter exists in the file. If no changes have been made, add the parameter.
```
CL_MONGO_URL=mongodb://user:password@hostname_tcpip:port/tls_information
```
where:
hostname_tcpip

The hostname or TCPIP address of the MongoDB server.

port

The port to be used for communication.

tls_information
The attributes that identify use of a TLS MongoDB. Copy and past the following into the CL_MONGO_URL parameter.
/admin?retryWrites=true&w=majority&ssl=true&tlsCAFile=/local/notesdata/cacert.pem
For example:
```
CL_MONGO_URL=mongodb://user:password@192.168.150.1:27017/admin?retryWrites=true&w=majority&ssl=true&tlsCAFile=/local/notesdata/cacert.pem
```
Save the file and restart the Sametime Community server to apply the changes.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.