Use a SSL certificate for the Sametime Proxy – a very easy way

By default when you install Sametime Proxy 11 it will use self signed certificates. My peer HCL Ambassador Ales Lichtenberg has written a blog post, here, about how to use a CA issued certificate. In his article he uses the .pem format for the certificates; I found there is another way to do this using the pfx format for certificates.

Once you have the pfx file, and the relative password, is very easy to configure Tomcat to use it. Open the server.xml file in the sametimeproxy\conf directory, edit it and change the connector stanza from this:

<Connector
protocol=”org.apache.coyote.http11.Http11NioProtocol”
port=”8443″ maxThreads=”200″
scheme=”https” secure=”true” SSLEnabled=”true”
keystoreFile=”conf/stproxy.keystore” keystorePass=”samet1me”
clientAuth=”false” sslProtocol=”TLS”/>

to this

<Connector
protocol=”org.apache.coyote.http11.Http11NioProtocol”
port=”8443″ maxThreads=”200″
scheme=”https” secure=”true” SSLEnabled=”true”
keystoreFile=”YOURCERT.pfx” keystorePass=”YOURPASS” keystoretype=”PKCS12/”
clientAuth=”false” sslProtocol=”TLS”/>

Using certificate in pfx format makes the configuration much easier, as you see; there is no need to import anything, just modify the server.xml


Sametime 11 commonly faced issues
I will be speaking at DNUG47ONLINE

Comments

  1. Heather Hottenstein
    22nd June 2020 - 21:53

    Where on the Domino server should the yourcert.pfx be placed?

Leave a Reply

Your email address will not be published / Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.