February | 2025 | Roberto Boccadoro

Sametime 12.0.2 on Windows – Use your TLS certificates

The Sametime Chat server on Windows is pretty new, so is understandable that the documentation is not yet complete. The help center explains how to install it, but not how to change the default TLS certificates.

When you install Sametime on Windows, it will create its own TLS certificate, a self signed one generated by Traefik, which is one of the components Sametime uses under the hood.

To replace it and use your own real certificate, if you have one, go into the C:\Sametime\traefik-windows-amd64\conf\keys directory. Here you will find 2 files, cert.crt and cert.key. Those are the self created ones.
Just replace them with your certificate and private key and that’s it.
There are 2 possibilities, either you rename your crt and key files to cert.crt. and cert.key, or if you want to keep a different name, say company.crt and company.key, you can edit the file :\Sametime\traefik-windows-amd64\conf\dynamic.yml. At the end of the file there is this:

tls: options: default: cipherSuites: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 certificates: - certFile: "./conf/keys/cert.crt" - keyFile: "./conf/keys/cert.key"

Just replace the certFile and keyFile names with company.crt and company.key

roberto 7th February 2025