TLS Handshake Error from Webplayer when connecting to IBM Media Manager

TLS Handshake Error from Webplayer when connecting to the IBM Media Manager when attending a Web AV Meeting

TLS Handshake Error when attending a WebAV enabled IBM Sametime Meeting:

Currently Webplayer does not support Wild Card SSL certificates, and this has been reported under SPR COLY8S7JKT (This has been identified as a product defect under APAR LO67885)

IBM Sametime Media Manager 8.5.2IFR1

IBM Sametime Meetings 8.5.2IFR1

Add additional logging to the WebPlayer by doing the following:

Locate the WebPlayer.ini under:

Windows 7

C:\Users\IBM_ADMIN\AppData\LocalLow\IBM\Lotus\Sametime WebPlayer

Windows XP

%APPDATA%\IBM\Lotus\SametimeWebPlayer\

Change LogFileLevel to 16 (LogFileLevel=16)

Save the file

Clear out the old logs under:

Windows 7

%USERPROFILE%\AppData\LocalLow\IBM\Lotus\Sametime WebPlayer\logs

Windows XP

%APPDATA%\IBM\Lotus\SametimeWebPlayer\logs

Reproduce the issue.

The following error should be found under Sip.log in the logs directory (specified above)

Error looks like:

P:10780 T:9708 16/2/2012 10:48:21 [ Trace] [C:\Users]TLSServerSocket :verify_callback - Remote Host= *.demo.ie

P:10780 T:9708 16/2/2012 10:48:21 [ Error] [C:\Users]TLSServerSocket :verify_callback - Common Name *.demo.ie does not match host name media.demo.ie

P:10780 T:9708 16/2/2012 10:48:21 [ Error] [C:\Users] TLSServerSocket::connectToRemoteServer TLS handshake failed

Currently Webplayer does not support Wild Card SSL certificates, and this has been reported under SPR COLY8S7JKT (This has been identified as a product defect under APAR LO67885)

There are three possible workarounds to avoid this issue:

1.Get a new SSL cert with the FQHN of the Media Manager instead of the Wild Card SSL Cert

2. Add CertAutoAccept=true to the Preferences.ini file;

Located under:

WinXP - %APPDATA%\IBM\Lotus\SametimeWebPlayer\Plugins\stwebsoftphone\

Win Vista,7 - %USERPROFILE%\AppData\LocalLow\IBM\Lotus\SametimeWebPlayer\Plugins\stwebsoftphone\

If the webplayer is not downloaded to the local client machine you can add this setting to the server and it will be applied to all new clients that download the webplayer for the first time.

Go to:

<Websphere_path\AppServer\Profiles\<Proxy_Profile_Name>\installedApps\<Proxy_Cell_Name>\SametimeProxy.ear\stwebav.war

Open the webstsoftphone.ini and change the setting there, and this will be pushed to new clients that download the plugin after the change above is made.

Please note: CertAutoAccept=true will accept any SSL certificate which is passed from the Media Manager to the Webplayer and trust it.

3. Disable TLS:
Please follow below steps:
1. Login to IBM Sametime System Console.
2. Please select the transport protocol to TCP and change the port to defined TCP port as mentioned in the below snapshot