Sun Java System Instant Messaging 7 2006Q1 Administration Guide

Activating SSL for Server to Server Communication

Before you can activate SSL, you must create a certificate database, obtain and install a server certificate, and trust the CA’s certificate as described earlier.

Table 10–2 lists the parameters in iim.conf used to enable SSL between two Instant Messaging servers, together with each parameter's default value and description.

Table 10–2 Server-to-Server SSL Configuration Parameters

iim_server.secconfigdir
    Default value: Solaris: /etc/opt/SUNWiim/default/config
                   Linux: /etc/opt/sun/im/default/config
    Description: The directory that contains the key and certificate databases. It usually also contains the security module database.

    If you created multiple instances of Instant Messaging, the name of the /default directory varies with the instance. See Creating Multiple Instances from a Single Instant Messaging Installation for more information.

iim_server.keydbprefix
    Default value: None
    Description: The key database filename prefix. The key database file name must always end with key3.db.

    If the key database file name carries a prefix, for example This-Database-key3.db, then the value of this parameter is This-Database.

iim_server.certdbprefix
    Default value: None
    Description: The certificate database filename prefix. The certificate database file name must always end with cert7.db.

    If the certificate database file name carries a prefix, for example Secret-stuff-cert7.db, then the value of this parameter is Secret-stuff.

iim_server.secmodfile
    Default value: secmod.db
    Description: The name of the security module file.

iim_server.certnickname
    Default value: Server-Cert
    Description: The name you entered for the certificate when you installed it. The certificate name is case-sensitive.

iim_server.keystorepasswordfile
    Default value: sslpassword.conf
    Description: The relative path and name of the file containing the password for the key database. This file must contain the following line:

        Internal (Software) Token:password

    where password is the password protecting the key database.

iim_server.trust_all_cert
    Default value: false
    Description: If this value is true, then the server trusts all certificates and also writes the certificate information to the log files.

Procedure: To Activate SSL Between Servers

Steps
  1. Set these iim.conf parameters:

    • iim_server.usesslport=true

    • iim_server.sslport=5223

    These parameters should already be in the iim.conf file.

    See iim.conf File Syntax for instructions on locating and modifying iim.conf.

  2. Set the server-to-server configuration as described in Chapter 6, Federating Deployment of Multiple Instant Messaging Servers.

  3. Add the following additional parameter to iim.conf:

    iim_server.coserver1.usessl=true

  4. Change the port number of the following parameter:

    iim_server.coserver1.host=hostname:5223

    The port number should be the SSL port of the other server.

  5. Refresh the server configuration using imadmin:

    imadmin refresh server

Example 10–2 SSL Server Configuration in iim.conf

The following is a section of an iim.conf file with the required SSL configuration:

! Server to server communication port.
iim_server.port = "5269"
! Should the server listen on the server to server
! communication port
iim_server.useport = "True"
! Should this server listen for server-to-server communication
! using ssl port
iim_server.usesslport = "True"
iim_server.sslport=5223
iim_server.coservers=coserver1
iim_server.coserver1.serverid=Iamcompany22
iim_server.coserver1.password=secretforcompany22
iim_server.coserver1.usessl=true
iim_server.coserver1.host=iim.i-zed.com:5223
iim_server.serverid=Iami-zed
iim_server.password=secret4i-zed
iim_server.secconfigdir = "/etc/opt/SUNWiim/default/config"
iim_server.keydbprefix = "This-Database"
iim_server.certdbprefix = "Secret-stuff"
iim_server.secmodfile = "secmod.db"
iim_server.certnickname = "Server_Cert"
iim_server.keystorepasswordfile = "sslpassword.conf"
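The following POSIX sh script is an added example, not part of the Administration Guide or of the Instant Messaging product. It reads the parameters of Table 10–2 and the activation procedure out of an iim.conf and reports what is missing before you run imadmin refresh: usesslport and sslport set, every coserver with usessl=true and an explicit port, the key, certificate and security module databases present in secconfigdir, the password file in the documented format and not world-readable, and trust_all_cert not set to true (which would make the server accept any peer certificate). The script assumes that comment lines start with "!", that values may be quoted, and that keystorepasswordfile is resolved relative to secconfigdir; the function and variable names (iim_get, iim_ssl_check, db_present) are the example's own.

```shell
#!/bin/sh
# Added example, not part of the Instant Messaging product or its guide:
# a lint for the server-to-server SSL parameters in iim.conf (Table 10-2).
# Assumptions: '!' starts a comment line, values may be quoted, and
# iim_server.keystorepasswordfile is resolved relative to secconfigdir.

# iim_get FILE KEY: print KEY's value with quotes and surrounding blanks removed
# (empty output if KEY is absent). Dots in KEY are escaped so they match literally.
iim_get() {
    _re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${_re}[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# lower STRING: case-fold, because the guide writes both "True" and "true".
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# fail MESSAGE: print and count one finding.
fail() { echo "FAIL: $1"; n=$((n + 1)); }

# db_present DIR PREFIX SUFFIX: the guide pairs This-Database-key3.db with the
# prefix "This-Database", so accept the file both with and without a joining hyphen.
db_present() { [ -f "$1/$2$3" ] || [ -f "$1/$2-$3" ]; }

# iim_ssl_check FILE: check FILE against the activation procedure; print one
# line per finding and return the number of findings (0 means all checks passed).
iim_ssl_check() {
    conf=$1; n=0

    [ "$(lower "$(iim_get "$conf" iim_server.usesslport)")" = true ] \
        || fail "iim_server.usesslport is not true"
    sslport=$(iim_get "$conf" iim_server.sslport)
    case $sslport in
        ''|*[!0-9]*) fail "iim_server.sslport is missing or not numeric" ;;
    esac

    # trust_all_cert=true accepts any peer certificate, which defeats the
    # point of authenticating the other server; report it as a finding.
    if [ "$(lower "$(iim_get "$conf" iim_server.trust_all_cert)")" = true ]; then
        fail "iim_server.trust_all_cert=true disables peer certificate validation"
    fi

    # Every federated peer needs usessl=true and a host:port whose port is
    # the peer's SSL port (step 4 of the procedure).
    for cs in $(iim_get "$conf" iim_server.coservers | tr ',' ' '); do
        [ "$(lower "$(iim_get "$conf" "iim_server.$cs.usessl")")" = true ] \
            || fail "iim_server.$cs.usessl is not true"
        host=$(iim_get "$conf" "iim_server.$cs.host")
        case $host in
            *:[0-9]*) ;;
            *) fail "iim_server.$cs.host '$host' names no port; use the peer's SSL port" ;;
        esac
    done

    # Key, certificate and security-module databases named in Table 10-2.
    dir=$(iim_get "$conf" iim_server.secconfigdir)
    [ -d "$dir" ] || fail "iim_server.secconfigdir '$dir' does not exist"
    db_present "$dir" "$(iim_get "$conf" iim_server.keydbprefix)" key3.db \
        || fail "key database (<keydbprefix>key3.db) not found in $dir"
    db_present "$dir" "$(iim_get "$conf" iim_server.certdbprefix)" cert7.db \
        || fail "certificate database (<certdbprefix>cert7.db) not found in $dir"
    secmod=$(iim_get "$conf" iim_server.secmodfile)
    [ -f "$dir/${secmod:-secmod.db}" ] || fail "security module file not found in $dir"
    [ -n "$(iim_get "$conf" iim_server.certnickname)" ] \
        || fail "iim_server.certnickname is empty"

    # Password file: must hold an 'Internal (Software) Token:<password>' line
    # and, since it stores a cleartext secret, must not be world-readable.
    pwf=$(iim_get "$conf" iim_server.keystorepasswordfile)
    pwf=${pwf:-sslpassword.conf}
    case $pwf in /*) ;; *) pwf=$dir/$pwf ;; esac
    if [ -f "$pwf" ]; then
        grep -q '^Internal (Software) Token:.' "$pwf" \
            || fail "$pwf lacks an 'Internal (Software) Token:password' line"
        [ "$(ls -ld "$pwf" | cut -c8)" = "-" ] || fail "$pwf is world-readable"
    else
        fail "password file '$pwf' not found"
    fi
    return "$n"
}

# Usage: iim_ssl_check /etc/opt/SUNWiim/default/config/iim.conf
```

Run it against the iim.conf of each server in the federation before step 5; a zero exit status means every parameter the procedure requires is present and the database files it names exist. The script only inspects the configuration on disk; confirming that the SSL port actually answers a TLS handshake after imadmin refresh server is a separate, network-side check.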