Skip to content

Securing connections

The various connections to Sametime can be secured using TLS.

Desktop client to Sametime server : These are connections from the Sametime Connect client or Sametime embedded client inside HCL Notes that connect on port 1533 to the Sametime Multiplexer (Mux) by default. Sametime has legacy encryption enabled by default. These connections can be secured over TLS 1.2. For additional information, see Securing connections between the Sametime mux and the Connect and Embedded clients.

Sametime web and mobile clients : Sametime meetings and web chat come with a self-signed certificate. You can replace the self-signed certificate with a third party certificate. For more details on this configuration, see Replacing the TLS certificates for Web Chat and Meetings.

Sametime server to LDAP server : By default the LDAP operations are not encrypted. It is recommended to enable encryption using TLS to encrypt sensitive user data, such as names and passwords. The secure port for LDAPS is typically 636 but may be different in your environment. For more details on this configuration, see Securing connections between Sametime servers and LDAP.

Decrypting SAML assertions : When Sametime server is configured for SAML, the Sametime server can validate the encrypted assertions are from the Identity Provider (IdP). These settings is used for the decryption. For more information, see Setting up SSO using SAML.

MongoDB : The connection Sametime uses to access MongoDB can be secured with TLS. For more details, see Setting up TLS for the Mongo database.

Configuration scope : Beginning with Sametime 12, Kubernetes environments have a separate TLS scope for each type of connection as described above. Docker environments can be configured to use key and trust stores at the global level, where all certificates are shared among the different community services. For more details on this configuration, see Implementing the Global TLS Scope for Docker.

Parent Topic: Securing