Enabling TLSv1.2 for Sametime Conference Manager and Sametime SIP Proxy/Registrar

Configure TLSv1.2 settings on the Sametime® Conference Manager and Sametime SIP Proxy/Registrar servers.

About this task

Improve the security of your Sametime deployment by enabling servers to communicate with TLSv1.2.

Procedure

Complete this task for every Conference Manager and every SIP Proxy/Registrar in the deployment.
  1. Enable TLSv1.2 for the NodeDefaultSSLSettings SSL configuration as follows:
    1. On the Sametime System Console, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
    2. In the navigation list, click Security > SSL certificate and key management.
    3. In the "Related Items" section, click SSL Configurations.
    4. Click the NodeDefaultSSLSettings link.
    5. On the configuration page, look in the "Additional Properties" section and click Quality of Protection (QoP) Settings.
    6. In the Protocol field, select TLSv1.2.
    7. Click Apply and then click Save to update the master configuration.
  2. Stop the STMediaServer application server by running the stopServer.sh (AIX®, Linux™) or stopServer.bat (Windows™) script.
    For example, on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/stopServer.sh STMediaServer -username wasadmin -password password
  3. Stop the STMedia node agent by running the stopNode.sh (AIX, Linux) or stopNode.bat (Windows) script.
    For example, on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/stopNode.sh -username wasadmin -password password
  4. Modify the ssl.client.props file to specify TLSv1.2.
    1. On the server, locate the ssl.client.props file.

      This file is stored in the following location: $AppServer/profiles/STMSAppProfile/properties/ssl.client.props

    2. Edit the file and change the com.ibm.ssl.protocol setting to TLSv1.2.
      com.ibm.ssl.protocol=TLSv1.2
    3. Save and close the file.
  5. Sync the STMediaServer node with the deployment manager by running the syncNode.sh (AIX, Linux) or syncNode.bat (Windows) script.
    For example, on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/syncNode.sh SSC_Host_Name 8703 -username wasadmin -password password
  6. Start the STMedia node agent by running the startNode.sh (AIX, Linux) or startNode.bat (Windows) script.
    For example, on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/startNode.sh
  7. Start the STMedia application server by running the startServer.sh (AIX, Linux) or startServer.bat (Windows) script.
    For example, on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMSAppProfile/bin/startServer.sh STMediaServer
  8. On the Sametime System Console, log in to the WebSphere Integrated Solutions Console as the WebSphere administrator.
  9. Click Servers > Server Types > WebSphere application servers.
  10. Remember to complete this task for every Sametime Conference Manager and every Sametime SIP Proxy/Registrar in the deployment.

What to do next

On the Application servers page, verify that all of the Conference Manager servers and SIP Proxy/Registrar servers are reachable and in a started state.
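
The following script is an added example, not part of the original procedure or of the product. It audits the ssl.client.props edit from step 4 by reporting the effective com.ibm.ssl.protocol value. It assumes the file is read with Java properties semantics (the last uncommented assignment wins, trailing whitespace is part of the value); the function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit com.ibm.ssl.protocol in an ssl.client.props file.
# Usage: sh check_tls.sh $AppServer/profiles/STMSAppProfile/properties/ssl.client.props

# Print the effective value of com.ibm.ssl.protocol, or nothing if unset.
# Assumption: Java properties semantics, so a later assignment overrides
# an earlier one and commented-out lines (# or !) are ignored.
effective_protocol() {
    awk '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)               # tolerate CRLF line endings
            if (match(line, /^[ \t]*com\.ibm\.ssl\.protocol[ \t]*[=:][ \t]*/)) {
                val = substr(line, RLENGTH + 1) # trailing spaces are kept
                found = 1
            }
        }
        END { if (found) print val }
    ' "$1"
}

# Return 0 only when the file is readable and the effective value is TLSv1.2.
# Return 1 for a missing or different value, 2 when the file cannot be read.
check_ssl_client_props() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "FAIL: cannot read $file"
        return 2
    fi
    proto=$(effective_protocol "$file")
    case "$proto" in
        TLSv1.2) echo "OK: $file sets com.ibm.ssl.protocol=TLSv1.2"; return 0 ;;
        "")      echo "FAIL: com.ibm.ssl.protocol is not set in $file"; return 1 ;;
        *)       echo "FAIL: $file sets '$proto', expected TLSv1.2"; return 1 ;;
    esac
}

if [ "$#" -gt 0 ]; then
    check_ssl_client_props "$1"
else
    # Constructed sample: a commented-out line, a stale value, then the fix.
    sample=$(mktemp)
    printf '%s\n' '#com.ibm.ssl.protocol=TLSv1.2' \
        'com.ibm.ssl.protocol=SSL_TLS' 'com.ibm.ssl.protocol=TLSv1.2' > "$sample"
    check_ssl_client_props "$sample"
    rm -f "$sample"
fi
```

Run it on each Conference Manager and SIP Proxy/Registrar after step 4; a non-zero exit status means the file still needs the edit.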