This blog shows how to achieve an A+ security rating for your Sametime 11.5 Premium Meetings server on the excellent Qualsys SSL Labs test
Firstly, please if you want an end user demo of Sametime Meetings then look here for more information.
Again Ales Lichtenberg’s site is where you want to go for a guide on setting up Meetings.
One of the steps in there is around if you want to copy in your own existing SSL cert, and it’s to copy your cert.crt and cert.key to <Sametime Meeting Install Directory>/jitsi-config/web/keys/
That 100 per cent works. However following this step my SSL Labs test was limited to a B rating.
We don’t like B ratings.
I looked into it. If you copy your .crt file as you generally will download it from your third party Certificate authority, it doesn’t copy the chain in a way that NGINX HTTP server likes. (If you open the cert in Windows, you will see the chain fine, but NGINX doesn’t read it this way).
All you need to do to resolve this, is extract the root and intermediary certs. I gave steps to do this before here.
Then concatenate the actual site cert, the intermediary and root into one .crt file.
You can do this by either:
Running something like this in a command prompt
type certwhendownloadedfromCA.crt intermediary.crt root.crt>cert.crt
OR
Open up all three certs in notepad and copy the contents of them one by one into a new notepad file (the website cert first, followed by the intermediary, followed by the root) and save as cert.crt (without a .txt extension).
With either approach the next step is to copy the cert.crt across to <Sametime Meeting Install Directory>/jitsi-config/web/keys/ (and the cert.key if you haven’t already)
Then putty and <Sametime Meeting Install Directory>/docker-compose down
<Sametime Meeting Install Directory>/docker-compose up -d
and you should have a A+rating.
Let us know if you found this useful!
Cormac McCarthy – Domino People Ltd
