HCL Sametime V11 Proxy Server – exchange self certificate for qualified SSL certificate

To use Sametime V11 access from mobile devices or chat using a web browser, you need to install and configure the Sametime Proxy Server. Sametime since version 11 uses a proxy server based on Apache Tomcat. This reduced hardware requirements and simplified installation.

The document “ST11_Installation_and_Administration.pdf”, which can be downloaded together with the installation files located on Flexnet, describes the basic installation and configuration. The Sametime Proxy Server installation section describes how to automatically create a new selfcert for SSL without any configuration changes. If you use selfcert, it is possible that some web browsers or mobile devices may have problems with this certificate, you will have to create exceptions, rules and so on.
I had this problem with my installation of Sametime V11 and so we started looking for how to replace the selfcert with a qualified certificate from a Certificate Authority (in my case I chose RapidSSL from GeoTrust).

The solution is not complicated and although I am not an expert on Tomcat, I managed it quite easily. Maybe also thanks to my previous experience, as Domino Admin I used SSL certificates for Domino using OpenSSL.

How to do it?

Suppose we already have Sametime Community Server V11 installed and install Sametime Proxy Server V11 in “c:\ sametimeproxy” (as described in the instructions document). We will need the “keytool” tool, which is in “C: \ sametimeproxy \ jdk8u222-b10-jre \ bin

  1. Run a command prompt and open the folder C: \ sametimeproxy \ jdk8u222-b10-jre \ bin
  2. Now we will create a new Certificate Keystore using “keytool”, where we will then import the necessary certificates. We name the new keystore “st.keystore”. Create it C: \ sametimeproxy \ cfg.So we use the command:

“keytool -genkey -alias tomcat -keyalg RSA -keystore C:\sametimeproxy\conf\st.keystore”

– create a new password for the keystore. Tomcat default uses “changeit”
– we will confirm the password again
– fill in basic information about keystore. In “First and Last name” I used FQDN of Sametime server “sametime.company.com” and gradually filled in further data (Company, City, Country and so on).
– we created a new keystore

  1. Now we create a new a local Certificate Signing Request (CSR). In order to obtain a Certificate from the Certificate Authority of your choice you have to create a so called Certificate Signing Request (CSR).

    That CSR will be used by the Certificate Authority to create a Certificate that will identify your website as “secure”.

    The CSR is then created with:

“keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore C:\sametimeproxy\conf\st.keystore”

– Now you have a file called certreq.csr that you can submit to the Certificate Authority. In return you get a Certificate.

  1. The certificate must be installed to the keystore where the CSR was created.
    – Prepare a certificate file and both Intermediate certificates. Import Primary Intermediate:

“keytool -import -alias primary -trustcacerts -file D: \ cert \ PrimaryIntermediate.pem -keystore C: \ sametimeproxy \ conf \ st.keystore”

– Import Secondary Intermediate:

“keytool -import -alias secondary -trustcacerts -file D: \ cert \ SecondaryIntermediat .pem -keystore C: \ sametimeproxy \ conf \ st.keystore”

– Then import the SSL certificate:

“keytool -import -alias tomcat -trustcacerts -file D: \ cert \ certificate.txt -keystore C: \ sametimeproxy \ conf \ st.keystore”

  1. Now you need to configure the SSL Connector. Open the server.xml file located in the “c:\ conf” folder. In the configuration, find the connector that should work for the new keystore and uncomment it if necessary.
    In the connector configuration, specify the correct file location and passphrase. The correct configuration looks like this:

< Connector protocol=”org.apache.coyote.http11.Http11NioProtocol” port=”8443″ maxThreads=”200″ scheme=”https” secure=”true” SSLEnabled=”true” keystoreFile=”conf/st.keystore” keystorePass=”changeit” clientAuth=”false” sslProtocol=”TLS”/ >

  1. Now restart the Sametime proxy server and your web browser should already see the imported certificate.


HCL Domino, Notes, Traveler, Sametime V11 Documentation

If you are looking for what’s new in Domino, Notes, Sametime, Traveler V11 or need a quick reference to the documentation, here are a few links.

HCL Domino 11.0 documentationLINK
HCL Notes 11.0 documentationLINK
HCL iNotes 11.0 documentationLINK
HCL Client Application Access 3.0LINK
HCL Domino 11 documentation updatesLINK
HCL Traveler 11.0 documentationLINK
HCL Sametime 11.0 documentationLINK

Domino, Notes, Traveler, Sametime V11 released

As announced in early December, Domino, Notes, Traveler and Sametime V11 were released. Check Flexnet where you should already see the installation files.

Active license management is not available for production use licenses of HCL Domino 11 at this time. Therefore, configuring a FlexNet license server for Domino 11.0.0 is not required. Details of when HCL will enable active license management will be announced.

In addition to English, a German and Japanese language version is available. We’ll have to wait for more languages.

Traveler V11 can be installed on Domino server V9.0.1 and V10.


HCL Domino 11.0 Detailed System Requirements LINK
HCL Notes 11.0 Detailed System Requirements  LINK
HCL iNotes 11.0 Browser Requirements LINK
HCL Client Application Access 3.0 Detailed System Requirements LINK
HCL Sametime 11 System requirements LINK
HCL Sametime 11 Installation and Administration Guide LINK
Getting Started with HCL Sametime 11 LINK

What’s new in HCL Sametime V11

With the release of Domino / Notes 11, we can also expect Sametime V11 to be available. Beta V11 is currently available.
I like the constant simplification of system requirements using HCL. And yet with new features and almost no limitations to existing ones. Keep it up!

What will appear in this version?

  • No DB2 dependency
  • No WebSphere dependency
  • Sametime V11 Community server – 64-bit support
  • Sametime V11 Proxy server – Simple to install and maintain
  • Simplified, user-oriented look
  • will stay Mongo
  • New modern look for Web Chat client
  • Updated rich clients
  • Support only HCL Domino V11
  • Easy installation
  • New feature – Click to meet

Whats components included in Sametime V11

  • Community Server
  • Proxy Server
  • Mac Standalone Client
  • Notes V11 embedded client
  • Windows Standalone Client
  • Web Client
  • New Client IDs – “12A2” for ST11 embedded in Notes V11 and “1312” for ST11 Standalone

New feature – Click to meet

  • Available in both web chat client and rich client.
  • Lets you start a meeting through a Third-party conferencing application from the chat conversation.
  • The Launch Meeting and Send Invitation option appears as a button on the chat conversation window.
  • A pop-up window displays, to configure the External Meeting Provider

Source: Presentation Ginni Saini – HCL Software (Collabsphere2019)


HCL Sametime V11 beta

Along with Domino / Notes V11 beta 2, HCL Sametime 11 beta was released.

Major changes you can expect in HCL Sametime 11:

  • Sametime V11 Community server – 64-bit support. Sametime Community Server is now ported to 64 – bit on Windows. It fully supports Domino V11 Beta 2.
  • Sametime V11 Proxy server – Simple to install and maintain. With Sametime V11 we now have an incredibly simple, fast and lightweight installer for Sametime Proxy server. The installer is a single .zip file that includes everything you need to run and install the Sametime Proxy Server – no DB2, WebSphere or System Console is required.
  • New modern look for Web Chat client. HCL Sametime 11 Web Chat client has a new, simplified, and modern look. The latest version of Sametime web chat client has a new color scheme and design.

First month with HCL software

We have completed the first month when HCL fully took over from IBM Collaboration software (Domino, Notes, Sametime, Connections …..).
Information comes from all sides, we gain access to individual systems.

Everything is not going smoothly, but from my own experience I know that the people of each teams are trying to help. I wish everything was successful and thanks to all HCL people and customers for patience.

We get a lot of information, which is gradually updated, so I tried to prepare some interesting sources.

  • Website HCL software LINK
  • Customer registration LINK
  • Partner registration LINK
  • HCL Software Customer Support LINK
  • Overview of purchased software LINK
  • HCL Software Licensing and Download LINK
  • Factory Tour 3 – HCL Presentation Catalog LINK
  • Digital Solutions Blogs LINK
  • HCL Masters Programme LINK
  • Sign up for Nomad on Android beta LINK
  • Template Experience LINK
  • Social Connections 15 Conference (Munich- September) LINK
  • RNUG Forum (Moscow – October) LINK
  • Domino Portable Edition – Building the smallest Domino server (Thomas Hampel) LINK

How I installed Sametime 10 Limited Use

I have received some questions from customers about new features in Sametime 10 Limited Use. Some would like to either upgrade or use this tool.

So last week I did the installation. And here are just a few informations.
I used this IBM Sametime 10 Limited Use Installation and Administration Guide LINK. With this guide everything went very easy.

What did I use?

  • Microsoft Windows 2012 server (64-bit)
  • Domino 9.0.1.FP10 (32-bit)
  • IBM Sametime Community Server V10.0 Windows Multilingual
  • IBM Sametime Proxy Server V10.0 Windows Multilingual
  • Mongo DB 3.6.5 (Download Link)
  • Mongo Compass addon (Download Link)

As stated in the guide, when installing Websphere, I also installed FP14. Here I had to go back one step. I originally installed everything on the second “D” drive and there was a problem with validating the Websphere server when installing Sametime Proxy. Therefore, I recommend installing everything on disk “C”.

The use of Installation Manager 1.8.6 was recommended in the manual. I left the automatic update enabled and I used version There was no problem with this version.

I had some delay when silently installing the Sametime proxy server. Respectively when editing the response file IP.rsp. But at the same time, Petr Kunc also performed the installation at that time, so he provided me with his file, which I modified for my needs and installed according to this manual LINK.
Installation has already taken place quite quickly. After installation, I had only a few problems, but they were caused only by my fault. I had a typos when editing xml files. I fixed them and everything worked immediately.

Now it works for me:

  • chat on Notes client, web client, ST client, mobile client
  • persistent chat
  • offline chat

Everything runs only on one virtual machine, that is:

  • Domino server 9.0.1 FP10
  • Sametime Community Server V10.0
  • Sametime Proxy Server V10.0
  • DB2
  • Mongo DB
  • WAS 8.5.5 FP14
Persistent chat on ST client

Persistent chat on web client

Persistent chat on iPhone

Sametime 10 Limited Use is availabe

Sametime V10 Limited Use has been released today. Here’s a table with the individual Part Numbers you need to install.

What’s new in Sametime V10 Limited Use here

IBM Sametime Connect Client V10.0 Mac MultilingualCC19LML
IBM Sametime Connect Client V10.0 Windows MultilingualCC19MML
IBM Sametime Community Server V10.0 Windows (32 bit only) MultilingualCC19NML
IBM Sametime Proxy Server V10.0 Windows MultilingualCC19PML


What’s coming in Sametime 10 Limited Use?

The release of Sametime Limited Use V10 is scheduled for June 14th. HCL does a lot of work on upgrading Sametime and certainly many of us can’t wait to start using Sametime Limited.

So what can we look forward to?

  • Modern user interface with alternating chat bubbles and the conversation list as the primary view
  • Persistent chat including groups with the ability to receive messages immediately and on all clients (desktop, mobile, and browser) concurrently
  • Seamless, offline chat with automatic queuing and receiving of messages instantly after logging into any client
  • Brand new React-based, lightweight web client
  • Domino® 64-bit support (Windows 32-bit will ship first, followed closely by Windows 64-bit, and then Linux 64-bit)
  • Server-side chat history (Mongo will initially be required for server-side chat history; Domino to follow at a later time)
  • Chat configuration settings allowing the ability to turn persistence on or off, establishing which users or groups of users receive persistence, and specifying for the duration of chat history storage
  • Fully compatible with Sametime 9.0.1 FP1

IBM Sametime Limited Use V10.0 enables the use of selected integrated instant messaging and presence awareness functions from IBM Sametime. The components from IBM Sametime that make up IBM Sametime Limited use are:

  • IBM Sametime Connect Client V10.0
  • IBM Sametime Community Server V10.0
  • IBM Sametime Proxy Server V10.0

Features included in this release:

  • Instant messaging chat
  • Online presence status and status icons
  • Set presence status and status message on startup
  • Chat history (desktop client-side)
  • Emoticons and emoticon palettes
  • Business card display
  • Contact type ahead
  • Spell check
  • Group chat
  • Mobile access
  • Multilingual release
  • MacOS and Windows™ client-side; Windows server-side

Sametime Roadmap what’s next?





HCL Factory Tours Milan – Day 2 Summary

After an intensive first day and a great evening followed by an interesting program right from the morning.

The second day I was most interested in the news about Verse 11, Sametime 10, Client Notes 11.

VERSE On-Premises 11…

Barry Rosen and Andrew Davis have demonstrated the functionality that will appear in the near future in VOP 1.0.7 :

  • ICS Import directly from an attachment
  • Allow user to download all attachments at once
  • Allow user to filter search results to show unread messages
  • Allow viewing of messages sent with “prevent copy” turned on
  • Better user experience when type-ahead yields no results
  • Change blank subject line to the name of an attachment
  • Continued enhancements on the modernization of the Calendar user interface
  • and several others

VOP features coming to VOC in Q1/Q2 -Subject to change:

  • 24 hour time setting
  • 30 days data sync for offline
  • Accept button added to Calendar Inbox popup card
  • Allow users to minimize the compose and quick calendar create docked windows
  • Dual Time Zone in Calendar Inbox
  • Extension: 3rd party Files repository integration
  • Extension: Custom name Picker enhancement.TO/Cc/Bcc in one action
  • Extension Enhancement: Hook before on Send: provide attachment name & size and bcc info
  • and many others


  • Complete New Calendar React UI
  • Complete effort for supporting Verse Web on Mobile (Mobile web alternative to iNotes Ultra Light)
  • Next Gen Lightweight Client

Notes & Lightweight Client Strategy

Another (for me) expected session was Notes & Lightweight Client Strategy by Adrew Davis

Notes 11 backlog sneak peak – Subject to change

  • Windows 64-bit /JVM 11 support
  • Mac 64-bit installer
  • Modernized Look
  • Stretch Goal: Create meetings beyond 24 hours – for all clients !

What does it mean to be “Lighter Weight”

  • Simpler Install and Upgrade – No more provisioning
  • Super fast startup – enough said
  • Single native process – No Java, less memory ….
  • Simpler extensibility model – HTML/JS programming – No more Eclipse, Java, SWT
  • and others

The first beta Lighter Weight Client should be in 2019

Sametime 10

What to expect in Sametime 10 showed Pat Galvin.

What´s in Sametime Limited use V10

  • Concurrent online clients – desktop, mobile, browser
  • Messages received immediately on all online client
  • Received queued messages when logging in on a client
  • Runs on Domino 64-bit
  • Fully compatible with Sametime 9.0.1 FP1

What’s next in V10 or V11

  • Server-side Chat History
  • Multi-Device File Transer
  • Multi-Device Voice/Video Calling
  • No More Browser Plugins
  • Docker for Simplified Deployment
  • Get rid of WAS, DB2, Sametime System Console
  • and many others

What to write at the end?

I did not get any more because I had to go back home to work. The journey by car was long enough and I had time to think about what it was like for 2 days in HCL Factory.

It was a great day with lots of interesting information, and it seems that HCL really means “Domino family” seriously.

I’m glad I could be there to meet a bunch of new people.
I’m glad I do not have to end after 25 years of working with Domino / Notes.

Thanks for the invitation, thanks to the all members HCL team.
You do not stop!

I look forward to May – engage.ug and sutol.cz conference