Welcome to the HCL Sametime® 11.6 administration documentation
- Accessibility features for Sametime
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. HCL® strives to provide products with usable access for everyone.
- What's new in HCL Sametime
  This section describes what's new in HCL Sametime® 11.6 and Sametime® Meetings 11.6.
- Checklist to deploy Sametime
  This section provides information on reviewing the checklist to deploy the Sametime clients.
- Encryption usage in Sametime
  HCL® Sametime® uses several types of encryption to protect data.
- Planning
  This section describes the system requirements and server configurations needed for HCL Sametime 11.6.
- Installing
  This section provides information on installing and configuring the servers for HCL Sametime 11.6.
- Configuring
  This section provides information on configuring the servers for HCL Sametime 11.6.
- Securing
  This section provides information on securing HCL Sametime 11.6 environments.
  - Installing GSKit on Microsoft Windows
    To install GSKit on Microsoft Windows, follow the steps:
  - Installing GSKit on Linux
    To install GSKit on Linux, follow the steps:
  - Securing connections
  - Enabling Single Sign-on
    The HCL Sametime Community server uses the Domino server web server security features. By default the Sametime server installer configures single sign-on (SSO) for Domino.
  - Configuring the Sametime Proxy server for SAML authentication
    The Sametime Community server supports multiple authentication methods such as using a name and password, and Security Assertion Markup Language (SAML).
  - Enable Security in MongoDB
    To enable MongoDB securing, edit the mongod.conf file setting authorization: enabled.
  - Enabling TLS for the Mongo database
    You can update the MongoDB connection with the Sametime Community server to encrypt data flowing between the Sametime server and a TLS enabled MongoDB.
  - Updating the Sametime Meeting Server TLS Certificates
    This section provides information on updating the Sametime Meeting Server certificates.
  - Applying Let's Encrypt certificates on the Meeting server
- Administering
  This section provides information on administering HCL Sametime 11.6 environments.
- Uninstalling Sametime
  In the event that Sametime must be uninstalled, follow these steps to uninstall the Community, Proxy, and Meetings servers.
- Troubleshooting
  Troubleshooting and Support
- Migrating and Upgrading
  This section provides information on migrating and upgrading from an earlier Sametime release.
- Notices

Applying Let's Encrypt certificates on the Meeting server

About this task

The Sametime Meeting server is preconfigured with a self-signed certificate. This topic describes how to replace the self-signed certificate with a third-party certificate.

Note: Let's Encrypt certificates expire every 90 days. To automatically renew the certificates, users can use Certbot. Otherwise, users can renew certificates when they expire. Refer to the Let's Encrypt documentation for details on using Certbot.

Kubernetes

About this task

Obtain one or more certificates and private key. Afterward, run the following commands to configure the Ingress to use them.

Procedure

For KEY_FILE specify the private key file and for CERT_FILE specify the certificates file.


kubectl -n ingress-nginx delete secret ingress-tls-cert
export CERT_NAME=ingress-tls-cert
export KEY_FILE=privkey.pem
export CERT_FILE=fullchain.pem
kubectl -n ingress-nginx create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
kubectl patch deployment nginx-ingress-controller -n ingress-nginx --patch "$(cat kubernetes/ingress/nginx-tls-patch.yaml)"

Restart the ingress controller:


kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=0
kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=1

Docker

About this task

Generate a Let's Encrypt certificate. Afterward, apply the encryption certificate on the Sametime Meeting server.

Procedure

Set ENABLE_LETSENCRYPT to 1 in the docker-compose.yml file.
Retrieve the PEM files provided by Let's Encrypt and locate the following files.
- fullchain.pem
- privkey.pem
Copy the specified files into the following folder:
```
jitsi-config/web/letsencrypt/live/
```
Note: If you set a value for the LETSENCRYPT_DOMAIN, the path is jitsi-config/web/letsencrypt/live/<LETSENCRYPT_DOMAIN >/.

Restart the server to apply the changes.


docker-compose down


docker-compose up -d

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.