Home
HCL Sametime® Administration Guide 12.0.1
Securing
This section provides information on securing your HCL Sametime environments.
Securing connections
The various connections to Sametime can be secured using TLS.
Securing connections between Sametime servers and LDAP
When Sametime is configured to connect to an LDAP server, the Sametime servers makes five separate connections to the LDAP server.
Specifying a cipher for Sametime to connect to Domino LDAP on Kubernetes
This task involves defining the required cipher for Sametime to connect to Domino 12 LDAP servers.

HCL Sametime® Administration Guide 12.0.1
- Accessibility features for Sametime
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, use information technology products successfully. HCL® strives to provide products with usable access for everyone.
- What's new
  HCL Sametime and HCL Sametime Premium 12.0.1 provide many new features, enhancements and fixes to servers and clients. Additional releases to version 12.0.1 also provides updates to the product.
- Planning
  This section describes the system requirements and server configurations needed for HCL Sametime and HCL Sametime Premium.
- Installing
  This section provides information on installing the servers for Sametime and Sametime Premium.
- Configuring
  This section provides information on configuring the HCL Sametime server. Configuration tasks are dependent on the deployment environment.
- Securing
  This section provides information on securing your HCL Sametime environments.
  - Encryption usage in Sametime
    HCL Sametime uses several types of encryption to protect data.
  - Securing connections
    The various connections to Sametime can be secured using TLS.
    - Obtaining the cert.key and cert.crt files for Sametime
    - Creating a truststore with a third-party certificate
      When creating a connection between the Sametime server and a service using TLS, a truststore is needed. The truststore is used to store certificates for Sametime.
    - Implementing the Global TLS Scope for Docker
    - Securing connections between the Sametime mux and the Connect and Embedded clients
      There are several connection methods to connect to the Sametime server. This topic includes the steps to encrypt connections between the clients and the Sametime mux using TLS.
    - Securing connections between Sametime servers and LDAP
      When Sametime is configured to connect to an LDAP server, the Sametime servers makes five separate connections to the LDAP server.
      - Securing LDAP on Kubernetes
        This section covers the steps to import your LDAP trust store and password into Kubernetes as a secret, then define the secret in the Sametime configuration.
      - Securing LDAP on Docker or Podman
        This topic covers the steps to import your LDAP trust store and password into Docker as a secret, then define the secret in the Sametime configuration.
      - Specifying a cipher for Sametime to connect to Domino LDAP on Kubernetes
        This task involves defining the required cipher for Sametime to connect to Domino 12 LDAP servers.
      - Specifying a cipher for Sametime to connect to Domino LDAP on Docker or Podman
        Several options that are related to the LDAP server SSL or TLS secure communications can be controlled by environment variables that are used by System SSL. This topic discusses the steps on how to specify a cipher for Sametime to connect to Domino LDAP.
  - Enabling Single Sign-on
    The HCL Sametime server installer enables required JSON Web Token (JWT) authentication. Additionally, the Sametime server supports Security Assertion Markup Language (SAML) and Lightweight Third Party Authentication (LTPA) Single Sign-on (SSO).
  - Setting up TLS for the Mongo database
    You can update the MongoDB connection with the Sametime server to encrypt data flowing between the Sametime server and a TLS-enabled MongoDB. This step is optional but is recommended for multi-Kubernetes-cluster deployments.
  - Replacing the TLS certificates for Web Chat and Meetings
    The Sametime server is pre-configured with a self-signed certificate. You can replace the self-signed certificate with a third party certificate.
  - Applying Let's Encrypt certificates
    This topic describes how to replace the self-signed certificate with a third-party certificate.
- Administering
  This section provides information on administering on Sametime environments.
- Troubleshooting
  This section provides information on troubleshooting and supporting Sametime environments.
- Uninstalling Sametime
  In the event that Sametime must be removed, follow the procedure for the platform that Sametime is installed on.
- Migrating and Upgrading
  This section provides information on migrating data from an earlier release to Sametime 12.
- Notices

Specifying a cipher for Sametime to connect to Domino LDAP on Kubernetes

This task involves defining the required cipher for Sametime to connect to Domino 12 LDAP servers.

Before you begin

By default, Domino 12.0.x LDAP servers must be configured to support a certain cipher used by Sametime. For more information, see Sametime 12.0 TLS required ciphers to connect to Domino 12.0.2 LDAP.

About this task

To support Domino 12.0.2 LDAP connections, follow these steps.

Procedure

Place the values.yaml file in edit mode.
Locate the sametimeIni: setting in the file, and then add the new line, indented with four spaces:
```
    STI__Config__STLDAP_TLS_CIPHER_SUITES=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
```
For more information on how to configure the sametime.ini file, refer to Configuring the sametime.ini file on Kubernetes.
Save and close the file.
Apply your changes to the environment.
Verify that you are in the helm directory and run the following command to apply changes. Specify the Sametime deployment name for your environment. The default for Sametime Premium version 12 is sametime.
```
helm upgrade sametime_deployment_name .
```
Note: Be sure to include the dot at the end. It is part of the command.
If you are unsure of your deployment name, issue the helm list command to find the name. If you upgraded from an earlier Sametime release, the default name is sametime-meetings.
Restart the pods with the changes. Use the kubectl scale command to scale the pods to zero and then to one that have been changed. You must run the commands for each pod that the change affects.
1. Run the following command to scale the pod to zero.
  Scale the pod to zero, where pod_deployment_name is the pod name.
```
kubectl scale deploy pod_deployment_name --replicas=0
```
2. Run the following command to scale the pod to one.
```
kubectl scale deploy pod_deployment_name --replicas=1
```

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.