Configure Instant Messaging services on two of the FE systems, fe-amer-11.example.com and fe-amer-12.example.com.
Run the Instant Messaging configurator:
# cd /opt/SUNWiim # ./configure -nodisplay Components to configure: Sun Java System Instant Messaging Server Sun Java System Instant Messenger Resources Host name: im-amer DNS Domain name: example.com User ID: iimuser Group ID: iimgroup Instant Messaging Server runtime files directory: /var/opt/SUNWiim Instant Messaging Server Configuration: Domain Name: example.com IM Server port: 9999 Multiplexor port: 9909 Disable Server: yes Remote Server Hostname: im-amer-01.us.example.com Messenger Resources Code Base URL: http://im-amer.example.com:80 Start Instant Messaging Services after successful configuration: no Start Instant Messaging Services on system startup: yes |
Add the SSL certificates
# cd /usr/local/cert/SUN_PKI.cert/im-amer # cp cert8.db /opt/SUNWwbsvr/alias/https-im-amer-cert8.db # cp key3.db /opt/SUNWwbsvr/alias/https-im-amer-key3.db # cp secmod.db /opt/SUNWwbsvr/alias/secmod.db # cp cert8.db /etc/opt/SUNWiim/default/config/https-im-amer-cert8.db # cp key3.db /etc/opt/SUNWiim/default/config/https-im-amer-key3.db # cp secmod.db /etc/opt/SUNWiim/default/config/secmod.db # cp PW /etc/opt/SUNWiim/default/config/PW # cd /opt/SUNWwbsvr/alias # chmod 644 * # cd /etc/opt/SUNWiim/default/config # mv PW sslpassword.conf # chown iimuser:iimgroup * |
Edit the /etc/opt/SUNWiim/default/config/sslpassword.conf file and change it to the following format:
Internal (Software) Token:password_from_PW_file |
Edit the /etc/opt/SUNWiim/default/config/iim.conf file and verify the following parameters:
iim.smtpserver = "mail-amer-xfr.example.com" iim.instancedir = "/opt/SUNWiim" iim.instancevardir = "/var/opt/SUNWiim/default" iim.user = "iimuser" iim.group = "iimgroup" iim_ldap.host = "empldap1.us.example.com:389" iim_ldap.searchbase = "dc=example,dc=com" iim_ldap.usergroupbinddn = "" iim_ldap.usergroupbindcred = "" iim.log.iim_server.severity = "INFO" iim.log.iim_mux.severity = "INFO" iim.log.iim_wd.severity = "INFO" iim_server.domainname = "example.com" iim_server.useport = "True" iim_server.port = "5269" iim_server.usesslport = "False" iim_server.enable = "false" iim_server.clienttimeout = "15" iim_server.usesso = "0" iim.policy.modules = "iim_ldap" iim.userprops.store = "file" iim_mux.listenport = "im-amer.example.com:9909" iim_mux.serverport = "im-amer-01.us.example.com:9999" iim_mux.enable = "true" iim_mux.numinstances = "4" iim_mux.maxthreads = "10" iim_mux.maxsessions = "1000" ! SSL settings iim_mux.usessl = "on" iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config" iim_mux.keydbprefix = "https-im-amer-" iim_mux.certdbprefix = "https-im-amer-" iim_mux.secmodfile = "secmod.db" iim_mux.certnickname = "Server-Cert" iim_mux.keystorepasswordfile = "sslpassword.conf" iim_wd.enable = "true" iim_wd.period = "300" iim_wd.maxRetries = "3" ! Calendar agent stuff - disable on the FEs iim_agent.enable = "false" iim_agent.agent-calendar.enable = "false" |
Edit the IM client resources to force the use of SSL (all language files must be edited
Edit /opt/SUNWiim/html/index.html, search for and change all instances of the following:
im.html to imssl.html im.jnlp to imssl.jnlp |
Perform the same edits on the index.html files for all languages. The index.html file is found in the following directories:
/opt/SUNWiim/html/de /opt/SUNWiim/html/es /opt/SUNWiim/html/fr /opt/SUNWiim/html/ja /opt/SUNWiim/html/ko /opt/SUNWiim/html/zh /opt/SUNWiim/html/zh_TW |