Enabling TLSv1.2 for Sametime Base Meeting Server

Configure TLSv1.2 settings on the Sametime® Base Meeting Server.

About this task

Improve the security of your Sametime deployment by enabling servers to communicate with TLSv1.2.

Procedure

  1. On the Sametime System Console, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
  2. Click Security > SSL certificate and key management > SSL configurations.
  3. Enable TLS for the NodeDefaultSSLSettings SSL configuration:
    1. Select the NodeDefaultSSLSettings configuration.

      For example: (cell):SSCHostnameSSCCell:(node):STMHostnameSTMNode.

    2. In the "Additional Properties" section, click Quality of Protection (QoP) setting.
    3. Change the Protocol setting to TLSv1.2.
    4. Click OK.
    5. Update the master configuration by clicking Save in the "Messages" box at the beginning of the page.
    6. Repeat this step for every NodeDefaultSSLSettings SSL configuration that belongs to the Sametime Base Meeting Server.
  4. Stop the STMeetingServer application server by opening a command window and running the stopServer.bat (Windows™) or stopServer.sh (AIX®, Linux™) script.
    For example on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/stopServer.sh STMeetingServer -username wasadmin -password password
  5. Stop the STMeetingServer node agent by running the stopNode.bat (Windows) or stopNode.sh (AIX, Linux) script.
    For example on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/stopNode.sh -username wasadmin -password password
  6. Modify the ssl.client.props file to ensure that the server can communicate with the System Console using TLSv1.2.
    1. On the server, open the $AppServer/profiles/STMAppProfile/properties/ssl.client.props file.
    2. Edit the file and change the com.ibm.ssl.protocol setting to TLSv1.2.
      com.ibm.ssl.protocol=TLSv1.2
    3. Save and close the file.
  7. Sync the node with the deployment manager by running the syncNode.bat (Windows) or syncNode.sh (AIX, Linux) script.
    For example on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/syncNode.sh SSC_Host_Name 8703 -username wasadmin -password password

    If you encounter problems when syncing the nodes, verify that TLSv1.2 was properly enabled on the server. If you still see problems, restart the server and sync again.

  8. Start the STMeetingServer node agent by running the startNode.bat (Windows) or startNode.sh (AIX, Linux) script.
    For example on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/startNode.sh
  9. Start the STMeetingServer application server by opening a command window and running the startServer.bat (Windows) or startServer.sh (AIX, Linux) script.
    For example on Linux:
    sh /opt/IBM/WebSphere/AppServer/profiles/STMAppProfile/bin/startServer.sh STMeetingServer
  10. Open a browser and navigate to the Sametime System Console and verify that all Sametime Base Meeting Servers can be accessed and are in a started state.
    You can navigate to the Sametime System Console with the following URL:
    https://SSC_Host_Name:8701/ibm/console
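
A check for step 6 and for the "verify that TLSv1.2 was properly enabled" note in step 7, as an added example that is not part of the original procedure or of the product's tooling: the script reports the effective com.ibm.ssl.protocol value in an ssl.client.props file and fails unless it is exactly TLSv1.2. The function names are hypothetical, and a POSIX shell with awk is assumed.

```shell
#!/bin/sh
# Added example: confirm that ssl.client.props sets com.ibm.ssl.protocol
# to TLSv1.2. Function names are hypothetical, not part of the product.

# Print the effective value of com.ibm.ssl.protocol.
# Comment lines (# or !) are skipped, so a commented-out TLSv1.2 line does
# not count. If the key appears more than once, the last assignment is
# reported, matching how Java loads properties files.
ssl_protocol_value() {
    awk '
        /^[ \t]*[#!]/ { next }
        /^[ \t]*com\.ibm\.ssl\.protocol[ \t]*[=:]/ {
            line = $0
            sub(/^[ \t]*com\.ibm\.ssl\.protocol[ \t]*[=:][ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)   # trailing blanks and CR from Windows edits
            value = line
            found = 1
        }
        END { if (found) print value }
    ' "$1"
}

# Return 0 only when the file sets the protocol to exactly TLSv1.2,
# 1 when it is set to something else or not set, 2 when unreadable.
check_ssl_client_props() {
    props=$1
    if [ ! -r "$props" ]; then
        echo "FAIL: cannot read $props" >&2
        return 2
    fi
    value=$(ssl_protocol_value "$props")
    if [ "$value" = "TLSv1.2" ]; then
        echo "OK: com.ibm.ssl.protocol=TLSv1.2 in $props"
        return 0
    fi
    echo "FAIL: com.ibm.ssl.protocol='${value:-<not set>}' in $props" >&2
    return 1
}

# When a path is given on the command line, check that file, for example
# the profile's properties/ssl.client.props edited in step 6.
if [ -n "${1:-}" ]; then
    check_ssl_client_props "$1"
fi
```

Run it with the path to ssl.client.props before syncing the node in step 7; a non-zero exit status means the file still needs the edit from step 6.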