When re-installing the Sametime Gateway to convert it from a Single Server to a Network Deployment you are obviously faced with the task to re-configure the system, which definitely includes the SSL configuration. There might possibly be a way to transfer most of the configuration using Websphere scripts. In absence of any experience in this area I am going to describe the manual steps here.
Very important: create a backup of your Websphere directory before removing the old installation of the Gateway. I am assuming here thatÂ you have followedÂ IBM’s instructionsfor theÂ SSL setup of the single server and didn’tÂ create a custom keystore.Â In this case you’ll find a key.p12 file within the profile config, which is the NodeDefaultKeyStore and a trust.p12 file, reflecting the NodeDefaultTrustStore.
On setting up the new Sametime Gateway server using network deployment you will be creating a new key store. Instead of creating a certificate request though you are going to import the existing certificate.
- Select Personal Certificates under Additional properties and choose Import.
- Choose Key store file and type the path to you key.p12 file.
- Leave Type set to PKCS12.
- Enter the Key file password. The default key store password, if you haven’t changed it, is WebAS .
- Hit the ‘Get Key File Aliases’Â button and select the alias to import in the drop down below.
- Define the alias name for the import and hit okay.
Repeat above steps for all trust certificates using the trust.p12 file of the old installation and the CellDefaultTrustStore of the new installation. You can now continue with the SSL configuration for the cluster, the SIP andÂ XMPP proxy.
As a side note to above: it is strongly recommended to change the password for your DefaultKeyStores. Otherwise an attacker might possibly be able to steal and misuse your identity.