Sun Java System Instant Messaging 7.2 Administration Guide

Setting Up TLS for the Instant Messaging Server

Enabling TLS for Instant Messaging server-to-server and client-to-server communication requires the following general steps:

  1. Create a Java keystore (JKS) and a private key using the keytool utility.

    For an overview of the keytool utility, see Tools for Managing Security in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide. For instructions on generating the JKS using Sun Java System Application Server, see Working with Certificates and SSL in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide.

  2. Use the private key to generate a server certificate for the Instant Messaging server.

    See Generating a Certificate Using the keytool Utility in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide for instructions.

  3. Get the Instant Messaging server certificate signed by a Certificate Authority (CA).

    See Signing a Digital Certificate Using the keytool Utility in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide for instructions. Replace Application Server with Instant Messaging where applicable.

  4. Restart the Instant Messaging server.

    See Starting Instant Messaging Components for details.

  5. Obtain the CA's root certificate.

    Contact your CA for instructions on obtaining the CA's root certificate.

  6. Import the certificates into the keystore.

    You import the CA root certificate and the signed server certificate into the keystore using the keytool utility as described in Using the keytool Utility in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide.

  7. Activate TLS in the server by setting the appropriate parameters in iim.conf.

    For instructions, see Activating TLS on the Instant Messaging Server.

  8. For server-to-server communication over TLS, repeat these steps for each server that will communicate over TLS. You do not need to do anything to configure Instant Messenger to use TLS. You also do not need to configure the multiplexor for TLS; however, you must not set up the multiplexor to use legacy SSL if you intend to use TLS.

  9. If you are using the XMPP/HTTP Gateway in your deployment, configure the gateway to communicate directly with the Instant Messaging server and not the multiplexor.

If you are using the Sun Java System Application Server, steps 1 through 5 are documented in Working with Certificates and SSL in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide. Step 6 is described in Activating TLS on the Instant Messaging Server.
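
The keystore steps above (1, 2, 3, 5 and 6) as one offline run. This is an added example, not taken from this guide or the Application Server guide. It uses current keytool option names (`-genkeypair`, `-importcert`, `-gencert`), and the alias `imserver`, the host name, the file names, the password variable and the local test CA that stands in for your real CA are all constructed for illustration.

```shell
#!/bin/sh
# Added example: keystore steps 1, 2, 3, 5 and 6 with keytool.
# Constructed values: aliases, DNs, file names, and the KS_PASS variable.
# The local test CA only stands in for the CA that signs your real request.
: "${KS_PASS:=example-only-pass}"; export KS_PASS   # read by -storepass:env

build_im_keystore() {
    dir=$1; ks="$dir/im-keystore.jks"; ca="$dir/test-ca.jks"

    # Step 1: create the JKS keystore and the server's private key.
    keytool -genkeypair -alias imserver -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=im.example.com,O=Example" -storetype JKS -keystore "$ks" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1

    # Step 2: generate the certificate request for that key.
    keytool -certreq -alias imserver -file "$dir/im.csr" \
        -keystore "$ks" -storepass:env KS_PASS || return 1

    # Step 3 (stand-in): a throwaway CA signs the request. With a real CA you
    # send im.csr to the CA and receive the signed certificate back.
    keytool -genkeypair -alias testca -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Example Test CA" -ext bc=ca:true -storetype JKS \
        -keystore "$ca" -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    keytool -gencert -alias testca -infile "$dir/im.csr" -outfile "$dir/im.crt" \
        -rfc -validity 365 -keystore "$ca" -storepass:env KS_PASS || return 1

    # Step 5: obtain the CA root certificate (here: export it from the test CA).
    keytool -exportcert -alias testca -rfc -file "$dir/ca-root.crt" \
        -keystore "$ca" -storepass:env KS_PASS || return 1

    # Step 6: import the root first, as its own trusted entry, then the signed
    # reply under the SAME alias as the private key so keytool builds the chain.
    keytool -importcert -noprompt -alias caroot -file "$dir/ca-root.crt" \
        -keystore "$ks" -storepass:env KS_PASS || return 1
    keytool -importcert -noprompt -alias imserver -file "$dir/im.crt" \
        -keystore "$ks" -storepass:env KS_PASS || return 1
}

# Check before activating TLS: the server alias should carry a chain of
# 2 certificates (server certificate + CA root), not the self-signed original.
keystore_chain_length() {
    keytool -list -v -alias imserver -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
        sed -n 's/^Certificate chain length: *//p'
}
```

With a real CA, drop `-noprompt` from the root import so keytool displays the certificate fingerprint, and compare it with the value your CA publishes before answering yes.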