Enabling TLSv1.2 for Sametime Video Manager

Configure TLSv1.2 settings on the Sametime® Video Manager.

About this task

Improve the security of your Sametime deployment by enabling servers to communicate with TLSv1.2.

Procedure

Complete these steps for every Sametime Video Manager in the deployment.
  1. Enable TLSv1.2 for the NodeDefaultSSLSettings SSL configuration as follows:
    1. On the Sametime Video Manager, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
    2. In the navigation list, click Security > SSL certificate and key management.
    3. In the "Related Items" section, click SSL Configurations.
    4. Click the link NodeDefaultSSLSettings.
    5. On the configuration page, look in the "Additional Properties" section and click Quality of Protection (QoP) Settings.
    6. In the Protocol field, select TLSv1.2.
    7. Click Apply and then click Save to update the master configuration.
  2. Modify the ssl.client.props file for the Sametime Video Manager to specify TLSv1.2.
    1. On the server, locate the ssl.client.props file.

      This file is stored in the following location: /IBM/WebSphere/AppServer/profiles/STMSProfile/properties

    2. Edit the file and change the com.ibm.ssl.protocol setting to TLSv1.2. 
      com.ibm.ssl.protocol=TLSv1.2
    3. Save and close the file.
  3. Stop the STMediaServer application server by running the stopServer.sh (AIX®, Linux™) or stopServer.bat (Windows™) script.
    For example, on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMSPNAppProfile/bin/stopServer.sh STMediaServer –username wasadmin –password password
  4. Modify the loadbalancer.properties file for the Sametime Video Manager to specify TLSv1.2.
    1. On the server, locate the loadbalancer.properties file.

      This file is stored in the following location: $AppServer/profiles/STMSPNProfile1/installedApps/STMSCell1/VMGRLoadBalancer.ear/VMGRLoadBalancer.war/WEB-INF/

    2. Edit the file and locate the <!-- ssl-protocol=TLS --> statement.

      Modify the statement as follows:

      ssl-protocol=TLS=TLSv1.2
    3. Save and close the file.
  5. Start the STMediaServer application server by running the startServer.sh (AIX, Linux) or startServer.bat (Windows) script.
    For example, on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMSPNAppProfile/bin/startServer.sh STMediaServer
  6. Repeat this task for every Sametime Video Manager in your deployment.