Enabling TLSv1.2 for Sametime Render Server
Configure TLSv1.2 settings on the Sametime® Render Server.
About this task
Improve the security of your Sametime deployment by enabling servers to communicate with TLSv1.2.
Procedure
-
On the Sametime Render Server, log in to the WebSphere® Integrated Solutions Console as the WebSphere administrator.
The Sametime Render Server does not use the Sametime System Console as its deployment manager, so you must log in to the Capture Server's own WebSphere Integrated Solutions Console.
- Click Security > SSL certificate and key management > SSL configurations.
-
Enable TLS for the NodeDefaultSSLSettings SSL configuration:
-
Select the NodeDefaultSSLSettings configuration.
For example: (cell):SSCHostnameSSCCell:(node):STMHostnameSTMNode).
- In the "Additional Properties" section, click Quality of Protection (QoP) setting.
- Change the Protocol setting to TLSv1.2.
- Click OK.
- Update the master configuration by clicking Save in the "Messages" box at the beginning of the page.
-
Select the NodeDefaultSSLSettings configuration.
-
Stop the STMeetingServer application server by opening a command window and running the
stopServer.bat (Windows™) or
stopServer.sh (AIX®, Linux™) script.
For example on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/STMPNAppProfile/bin/stopServer.sh STAdvancedServer –username wasadmin –password password -
Modify the ssl.client.props file to ensure that the server it can
communicate with the System Console using TLSv1.2.
- On the server, open the $AppServer/profiles/STMPNAppProfile/properties/ssl.client.props file.
-
Edit the file and change the
com.ibm.ssl.protocolsetting toTLSv1.2.com.ibm.ssl.protocol=TLSv1.2 - Save and close the file.
-
Start the STMeetingServer application server by opening a command window and running the
startServer.bat (Windows) or
startServer.sh (AIX, Linux) script.
For example on Linux:
sh /opt/IBM/WebSphere/AppServer/profiles/STMPNAppProfile/bin/startServer.sh STMeetingServer - Repeat this task on every Sametime Render Server.