Enabling Legacy SSL Between the Multiplexor and Instant Messenger
You enable SSL for client-to-multiplexor communication by modifying parameters in iim.conf and then connecting to the multiplexor using the secure version of the Instant Messenger client.
Table 12–2 lists the parameters in iim.conf for enabling SSL between Instant Messenger and the multiplexor. It also lists the description and the default value of these parameters.
Table 12–2 Instant Messaging Multiplexor SSL Parameters|
Parameter |
Default Value |
Description |
|---|---|---|
|
iim_mux.usessl |
off |
If the value is set to on, the multiplexor requires an SSL handshake for each connection it accepts, before exchanging any application data. |
|
iim_mux.secconfigdir |
Solaris: /etc/opt/SUNWiim/default/config Linux: /etc/opt/sun/im/default/config |
This directory contains the key and certificate databases. It usually contains the security module database. In addition, if you created multiple instances of Instant Messaging, the name of the /default directory will vary depending on the instance. See Creating Multiple Instances from a Single Instant Messaging Installation for more information. |
|
iim_mux.keydbprefix |
(Empty string) |
This value should contain the key database filename prefix. The key database file name must always end with key3.db. If the Key database contains a prefix, for example This-Database-key3.db, then value of this parameter is This-Database. |
|
iim_mux.certdbprefix |
(Empty string) |
This value should contain the certificate database filename prefix. The certificate database file name must always end with cert7.db. If the certificate database contains a prefix, for example Secret-stuff-cert7.db, then value of this parameter is Secret-stuff. |
|
iim_mux.secmodfile |
secmod.db |
This value should contain the name of the security module file. |
|
iim_mux.certnickname |
Multiplexor-Cert |
This value should contain the name of the certificate you entered while installing the certificate. The certificate name is case-sensitive. |
|
iim_mux.keystorepasswordfile |
sslpassword.conf |
This value should contain the relative path and the name of the file containing the password for the key database. This file should contain the following line: Internal (Software) Token:password Where password is the password protecting the key database. |
To Enable SSL Between Instant Messenger and
the Multiplexor
-
Open iim.conf.
See iim.conf File Syntax for instructions on locating and modifying iim.conf.
-
Add the values from Table 12–2 to the multiplexor configuration parameters in iim.conf.
Example 12–2 Legacy SSL Multiplexor Configuration in iim.conf
The following is an example of iim.conf with the multiplexor configuration parameters included:
! IIM multiplexor configuration
! =============================
!
! Multiplexor specific options
! IP address and listening port for the multiplexor.
! WARNING: If this value is changed, the port value of ’-server’
! argument in the client’s im.html and im.jnlp files should
! also be changed to match this.
iim_mux.listenport = "siroe.com:5222"
! The IM server and port the multiplexor talks to.
iim_mux.serverport = "siroe.com:45222"
! Number of instances of the multiplexor.
iim_mux.numinstances = "1"
! Maximum number of threads per instance
iim_mux.maxthreads = "10"
! Maximum number of concurrent connections per multiplexor process
iim_mux.maxsessions = "1000"
iim_mux.usessl = "on"
iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config"
iim_mux.keydbprefix = "This-Database"
iim_mux.certdbprefix = "Secret-stuff"
iim_mux.secmodfile = "secmod.db"
iim_mux.certnickname = "Multiplexor_Cert"
iim_mux.keystorepasswordfile = "sslpassword.conf"
|
- © 2010, Oracle Corporation and/or its affiliates