Replacing the default certificate on the Bandwidth Manager

The IBM® Sametime® servers that run on IBM WebSphere® Application Server install with SSL enabled, using a self-signed certificate from IBM. If you want to use a different certificate, you can import it into the keystore yourself.

Before you begin

Request a signed certificate from a Certificate Authority and copy the certificate file to the server where you will install the certificate.

About this task

This procedure applies only to Sametime product servers running on WebSphere Application Server.

Procedure

  1. On the Sametime product server, log in to the WebSphere Integrated Solutions Console as the WebSphere administrator.
  2. Click Security > SSL certificate and key management.
  3. On the SSL certificate and key management page, look in the "Configuration settings" section and click Manage endpoint security configurations.
  4. On the Manage endpoint security configurations page, select the scope to which the certificate will apply. Apply the certificate to both the inbound and outbound nodes. If all of the servers on the node are using the same certificates, apply the certificate to the node. If all servers on the node are not using the same certificate, apply the certificate at the server level.
  5. On the SSL configuration page for the selected node, look in the "Related Items" section and click Key stores and certificates.
  6. On the Key stores and certificates page, click the name of the keystore where you want to import the certificate. If the certificate is used across multiple nodes in the cell, install the certificate into the CellDefaultKeyStore. If you are installing the certificate into a standalone server, select NodeDefaultKeyStore. For example, the Sametime Video Manager is a standalone server, therefore, you add the certificate to the NodeDefaultKeyStore for the Video Manager.

    In other words, if the certificate is used by multiple Sametime servers which are part of the same WebSphere cell (for example, Sametime Meetings, Sametime Proxy, Sametime Advanced), or in cases where there are WebSphere Proxies using the same fully qualified domain name, install the certificate into the CellDefaultKeyStore.

  7. On the configuration page for the selected keystore, look under "Additional Properties" and click Signer certificates.
  8. On the Signer certificates page, click Add.
  9. Type an alias for the certificate.
  10. Type a path and file name where you stored the certificate file, and select Base64-encoded ASCII data as the data type.
  11. Click OK.
  12. Click the Save link in the "Messages" box at the beginning of the page.
  13. Restart WebSphere Application Server.