Transport Layer Security (TLS) and Secure Sockets Layer (SSL) provide encrypted SIP communications between Sametime® Gateway and external instant messaging communities such as AOL, Office Communications Server, and Sametime communities, but only if the other Sametime community requires SSL. TLS/SSL also provides encrypted XMPP communications for XMPP communities. The TLS/SSL protocols allow Sametime messages to travel across a network in a way designed to prevent eavesdropping, tampering, and message forgery. Use these steps to set up SSL with a certificate signed by a Certificate Authority and exchange trusted certificates with external communities.
About this task
Messages that flow between Sametime Gateway and AOL and Office Communications Server always require a TLS/SSL connection. Sametime and XMPP communities may or may not require a TLS/SSL connection, depending on whether the external community requires a CA-signed certificate. Google Talk does not work over TLS/SSL.
This section provides steps for a single Sametime Gateway server or cluster of Sametime Gateway servers. In addition, this section provides steps needed to set up SSL on a Sametime 6.5.1 or later server in an external community. You can provide these steps as a courtesy to an external community or refer them to the Sametime
SSL can encrypt sensitive information for SIP and XMPP communications, and provides authenticity and data signing to ensure a secure connection between the local Sametime Gateway community and an external instant messaging community. The foundation technology for SSL is public key cryptography, which guarantees that when an entity encrypts data using its private key, only entities with the corresponding public key can decrypt that data.
SSL is required for connections to the following communities:
- External community using AOL Instant Messenger
- External community using Office Communications Server
- AOL clearinghouse community
SSL is not required but it is recommended for connections to XMPP or Sametime
You cannot use SSL between Sametime Gateway and Google Talk communities.
SSL is not needed between Sametime Gateway and the local Sametime community because the connection uses the Virtual Places (VP) protocol over TCP and includes built-in encryption.
Setting up SSL on a single server
These procedures describe how to set up Secure Sockets Layer (SSL) on a single Sametime Gateway server for both SIP and XMPP communications.
Setting up SSL on a cluster
These procedures describe how to set up Secure Sockets Layer (SSL) on a cluster of Sametime
List of supported Certificate Authorities
Certificate authorities (CAs) can issue public key certificates which state that the CA attests that the public key contained in the certificate belongs to you. You then use your CA-signed certificate to exchange certificates with AOL and XMPP to provide for the secure exchange of instant messages.
Setting up email notifications for certificate expiration
This optional procedure allows the Sametime Gateway administrator to receive email notifications about SSL certificates that are about to expire.